CVE-2021-4127

Name	CVE-2021-4127
Description	An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-4874-1, DSA-4876-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
firefox-esr (PTS)	jessie, jessie (lts)	68.9.0esr-1~deb8u2	vulnerable
	stretch (security), stretch (lts), stretch	91.11.0esr-1~deb9u1	fixed
	buster (security), buster, buster (lts)	115.12.0esr-1~deb10u1	fixed
	bullseye	115.14.0esr-1~deb11u1	fixed
	bullseye (security)	128.4.0esr-1~deb11u1	fixed
	bookworm	128.3.1esr-1~deb12u1	fixed
	bookworm (security)	128.4.0esr-1~deb12u1	fixed
	sid, trixie	128.4.0esr-1	fixed
thunderbird (PTS)	jessie, jessie (lts)	1:68.9.0-1~deb8u2	vulnerable
	stretch (security), stretch (lts), stretch	1:91.10.0-1~deb9u1	fixed
	buster (security), buster, buster (lts)	1:115.12.0-1~deb10u1	fixed
	bullseye	1:115.12.0-1~deb11u1	fixed
	bullseye (security)	1:128.4.3esr-1~deb11u1	fixed
	bookworm	1:115.16.0esr-1~deb12u1	fixed
	bookworm (security)	1:128.4.3esr-1~deb12u1	fixed
	sid, trixie	1:128.4.3esr-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin
firefox-esr	source	jessie	(unfixed)	end-of-life
firefox-esr	source	buster	78.9.0esr-1~deb10u1		DSA-4874-1
firefox-esr	source	(unstable)	78.9.0esr-1
thunderbird	source	jessie	(unfixed)	end-of-life
thunderbird	source	buster	1:78.9.0-1~deb10u1		DSA-4876-1
thunderbird	source	(unstable)	1:78.9.0-1

Notes

https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-4127
https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-4127