Bug 1738501 Comment 17 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

Original comment by

Kai Engert [:KaiE:]

on 2021-12-01 14:03:21 PST

Suggested advisory text:

```
CVE-2021-43529:
     title:  Memory corruption when processing S/MIME messages
     impact: critical
     reporter: Tavis Ormandy
     description: |
       Thunderbird versions prior to 91.3.0 are vulnerable to the heap
overflow described in CVE-2021-43529 when processing S/MIME messages.
Thunderbird versions 91.3.0 and later will not call the vulnerable code 
when processing S/MIME messages that contain certificates with
DER-encoded DSA or RSA-PSS signatures.
     bugs:
       - url: 1738501
```

Revision 1 by

Kai Engert [:KaiE:]

on 2021-12-01 14:03:51 PST

Suggested advisory text:

```
CVE-2021-43529:
     title:  Memory corruption when processing S/MIME messages
     impact: critical
     reporter: Tavis Ormandy
     description: |
       Thunderbird versions prior to 91.3.0 are vulnerable to the heap
overflow described in CVE-2021-43527 when processing S/MIME messages.
Thunderbird versions 91.3.0 and later will not call the vulnerable code 
when processing S/MIME messages that contain certificates with
DER-encoded DSA or RSA-PSS signatures.
     bugs:
       - url: 1738501
```

Back to Bug 1738501 Comment 17