VDB

CVE-2021-29949

CVE-2021-29949 PUBLISHED

When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious library has been copied to a directory that is contained in the search path for executable libraries, then Thunderbird will load the incorrect library. This vulnerability affects Thunderbird < 78.9.1.

EPSS 0.06% · 19.7th percentile

Risk Scores

EPSS Score
0.06%
19.7th percentile

Affected Products

VendorProductVersions
Ubuntu:18.04:LTSthunderbird*, 1:60.6.1+build2-0ubuntu0.18.04.1, 1:60.7.0+build1-0ubuntu0.18.04.1
Ubuntu:20.04:LTSthunderbird1:68.1.2+build1-0ubuntu1, 1:68.1.2+build1-0ubuntu2, 1:68.2.2+build1-0ubuntu1

Timeline

  • Apr 22, 2021 CVE Published
  • Jun 25, 2021 EPSS Score
  • Jul 2, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 24, 2021 EPSS Score
  • Dec 23, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 21, 2022 EPSS Score
  • Apr 23, 2022 EPSS Score
  • Jun 22, 2022 EPSS Score
  • Aug 22, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›