{"id":2646,"date":"2021-03-26T14:26:28","date_gmt":"2021-03-26T19:26:28","guid":{"rendered":"https:\/\/cert.pa\/?p=2646"},"modified":"2021-03-26T14:27:15","modified_gmt":"2021-03-26T19:27:15","slug":"csirt-panama-aviso-2021-03-26-mozilla-thunderbird-multiples-vulnerabilidades-en-mozilla-thunderbird","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=2646","title":{"rendered":"CSIRT Panam\u00e1 Aviso 2021-03-26 Mozilla Thunderbird: M\u00faltiples vulnerabilidades en Mozilla Thunderbird"},"content":{"rendered":"\n<p>CSIRT Panam\u00e1 Aviso 2021-03-26 Mozilla Thunderbird: M\u00faltiples vulnerabilidades en Mozilla Thunderbird<\/p>\n\n\n\n<p>Gravedad: Alta                                                                                                   <br>\nFecha de publicaci\u00f3n: Marzo 26, 2021<br>\n\u00daltima revisi\u00f3n: Marzo 26, 2021<br>\nSitio web: https:\/\/www.mozilla.org\/\/<br>\nSistemas Afectados: Mozilla Thunderbird, versiones de la 60.0 a la 78.8.1.<\/p>\n\n\n\n<p>I.    Descripci\u00f3n<br>\nVulnerabilidades cr\u00edticas que afectan al cliente de correo electr\u00f3nico Mozilla Thunderbird, 2 de severidad cr\u00edtica y 2 de severidad moderada (CVE-2021-23982, CVE-2021-23984).<\/p>\n\n\n\n<p>II.    Impacto<br>\nVulnerabilidad: CVE-2021-23981<br>\nDebido a una condici\u00f3n de l\u00edmites de memoria con un Pixel Buffer Object en WebGL. Un atacante remoto puede crear un sitio web y enga\u00f1ar a una v\u00edctima para que lo abra, detonando corrupci\u00f3n de memoria y ejecutar c\u00f3digo arbitrario en el sistema objetivo.<br>\nVulnerabilidad: CVE-2021-23987<br>\nDebido a un error de l\u00edmites de la memoria al procesar contenido HTML. Un atacante remoto puede crear un sitio web y enga\u00f1ar a una v\u00edctima para que lo abra, detonando corrupci\u00f3n de memoria y ejecutar c\u00f3digo arbitrario en el sistema objetivo.<\/p>\n\n\n\n<p>III. Referencia a soluciones, herramientas e informaci\u00f3n<br> Aplicar las \u00faltimas actualizaciones de los productos afectados desde el sitio oficial (https:\/\/www.thunderbird.net\/en-US\/thunderbird\/releases\/<br> Fuentes:<br> &#8211;    CSIRT Chile. 25 de febrero del 2021. Vulnerabilidades. Recopilado en: https:\/\/www.csirt.gob.cl\/vulnerabilidades\/9vsa21-00411-01\/<br> &#8211;    Mozilla.  Mozilla Foundation Security Advisory 2021-12. Recopilado en: https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2021-12\/<\/p>\n\n\n\n<p>Informaci\u00f3n de contacto<br>\nCSIRT PANAMA<br>\nComputer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental<br>\nE-Mail: info@cert.pa<br>\nPhone: +507 520-CERT (2378)<br>\nWeb: https:\/\/cert.pa<br>\nTwitter: @CSIRTPanama<br>\nKey ID: 16F2B124<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CSIRT Panam\u00e1 Aviso 2021-03-26 Mozilla Thunderbird: M\u00faltiples vulnerabilidades en Mozilla Thunderbird Gravedad: Alta Fecha de publicaci\u00f3n: Marzo 26, 2021 \u00daltima revisi\u00f3n: Marzo 26, 2021 Sitio web: https:\/\/www.mozilla.org\/\/ Sistemas Afectados: Mozilla Thunderbird, versiones de la 60.0&#8230;<\/p>\n","protected":false},"author":4,"featured_media":2648,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[86,68],"class_list":["post-2646","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad","tag-firefox","tag-vulnerabilidades"],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2646","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2646"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2646\/revisions"}],"predecessor-version":[{"id":2647,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2646\/revisions\/2647"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/2648"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2646"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2646"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2646"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}