CVE-2021-43543

Type: 

Cross-Site Scripting (XSS)

Severity: 

Medium

Publication date: 

12/08/2021

Last modified: 

03/16/2022

Description

Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird

Impact

Access Vector: Through network

Access Complexity: Media

Authentication: Not required to exploit

Impact Type: Partially affects on system integrity + No impact on system confidentiality + No impact on system availability

Vulnerable software and versions

• cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
• cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
• cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
• cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
• cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

To consult the complete list of products and versions see this page

References to Advisories, Solutions, and Tools

• https://www.mozilla.org/security/advisories/mfsa2021-52/ (Source: MISC)
• https://bugzilla.mozilla.org/show_bug.cgi?id=1738418 (Source: MISC)
• https://www.mozilla.org/security/advisories/mfsa2021-54/ (Source: MISC)
• https://www.mozilla.org/security/advisories/mfsa2021-53/ (Source: MISC)
• DSA-5026 (Source: DEBIAN)
• [debian-lts-announce] 20211229 [SECURITY] [DLA 2863-1] firefox-esr security update (Source: MLIST)
• DSA-5034 (Source: DEBIAN)
• [debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update (Source: MLIST)
• GLSA-202202-03 (Source: GENTOO)

Explanation of fields