One vulnerability tracked as CVE-2021-38505 is of particular interest as its related to the Windows 10 Cloud Clipboard. MOZ-2021-0007: Memory corruption flaws that may lead to arbitrary code execution.MOZ-2021-0008: Use-after-free in HTTP2 Session object, leading to memory corruption and possibly to an exploitable crash.inetloc files, allowing code execution on macOS. CVE-2021-38510: Bypass ‘Download Protections’ on.
CVE-2021-38505: Windows 10 Cloud Clipboard sensitive data recording, copying sensitive user data to the user’s Microsoft account, increasing the risk of information disclosure.CVE-2021-38504: user-after-free in the file picker dialog, leading to memory corruption and a potentially exploitable crash.CVE-2021-38503: iframe bypass restrictions that allow script execution.Mozilla Thunderbird 91.3 fixes ten flaws discovered by various researchers that cover a broad spectrum of the email client's functionality. Triggering most of the newly discovered bugs requires a user to open a specially crafted website in a browsing context, so the exploitation is relatively simple.
Mozilla released Thunderbird 91.3 to fix several high-impact vulnerabilities that can cause a denial of service, spoof the origin, bypass security policies, and allow arbitrary code execution.