Debian Thunderbird vulnerabilities

931 known vulnerabilities affecting debian/thunderbird.

Total CVEs: 931
CISA KEV: 10 (actively exploited)
Public exploits: 18
Exploited in wild: 13
Severity breakdown: CRITICAL 166, HIGH 358, MEDIUM 317, LOW 90

Vulnerabilities

Page 24 of 47
CVE-2022-46872 | HIGH | CVSS 8.6 | fixed in firefox 108.0-1 (sid) | 2022
An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. *This bug only affects Thunderbird for Linux. Other operating systems are unaffected.* This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. Scope: local; sid: resolved (fixed in 108.0-1)

CVE-2022-38473 | HIGH | CVSS 8.8 | fixed in firefox 104.0-1 (sid) | 2022
A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104. Scope: local; sid: resolved (fixed in 104.0-1)

CVE-2022-40962 | HIGH | CVSS 8.8 | fixed in firefox 105.0-1 (sid) | 2022
Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affe

CVE-2022-22761 | HIGH | CVSS 8.8 | fixed in firefox 97.0-1 (sid) | 2022
Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Scope: local; sid: resolved (fixed in 97.0-1)

CVE-2022-42932 | HIGH | CVSS 8.8 | fixed in firefox 106.0-1 (sid) | 2022
Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbi

CVE-2022-22764 | HIGH | CVSS 8.8 | fixed in firefox 97.0-1 (sid) | 2022
Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR <

CVE-2022-22741 | HIGH | CVSS 7.5 | fixed in firefox 96.0-1 (sid) | 2022
When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Scope: local; sid: resolved (fixed in 96.0-1)

CVE-2022-45409 | HIGH | CVSS 8.8 | fixed in firefox 107.0-1 (sid) | 2022
The garbage collector could have been aborted in several states and zones and GCRuntime::finishCollection may not have been called, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Scope: local; sid: resolved (fixed in 107.0-1)

CVE-2022-26387 | HIGH | CVSS 7.5 | fixed in firefox 98.0-1 (sid) | 2022
When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. Scope: local; sid: resolved (fixed in 98.0-1)

CVE-2022-34481 | HIGH | CVSS 8.8 | fixed in firefox 102.0-1 (sid) | 2022
In the nsTArray_Impl::ReplaceElementsAt() function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Scope: local; sid: resolved (fixed in 102.0-1)

CVE-2022-38478 | HIGH | CVSS 8.8 | fixed in firefox 104.0-1 (sid) | 2022
Members of the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR <

CVE-2022-1529 | HIGH | CVSS 8.8 | Exploited | fixed in firefox 100.0.2-1 (sid) | 2022
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 9

CVE-2022-28289 | HIGH | CVSS 8.8 | fixed in firefox 99.0-1 (sid) | 2022
Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunder

CVE-2022-28281 | HIGH | CVSS 8.8 | fixed in firefox 99.0-1 (sid) | 2022
If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Scope: local; sid: resolved (fixed in 99.0-1)

CVE-2022-46874 | HIGH | CVSS 8.8 | fixed in firefox 108.0-1 (sid) | 2022
A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially lead to user confusion and the execution of malicious code. *Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting i

CVE-2022-22751 | HIGH | CVSS 8.8 | fixed in firefox 96.0-1 (sid) | 2022
Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary

CVE-2022-46881 | HIGH | CVSS 8.8 | fixed in firefox 106.0-1 (sid) | 2022
An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Th

CVE-2022-0566 | HIGH | CVSS 8.8 | fixed in thunderbird 1:91.6.1-1 (bookworm) | 2022
It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird < 91.6.1. Scope: local; bookworm: resolved (fixed in 1:91.6.1-1); bullseye: resolved (fixed in 1:91.6.1-1~deb11u1); forky: resolved (fixed in 1:91.6.1-1); sid: resolved (f

CVE-2022-26485 | HIGH | CVSS 8.8 | KEV | fixed in firefox 99.0-1 (sid) | 2022
Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0. Scope: local; sid: resolved (fixed in 99.0-1)

CVE-2022-2200 | HIGH | CVSS 8.8 | fixed in firefox 102.0-1 (sid) | 2022
If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Scope: local; sid: resolved (fixed in 102.0-1)

Debian Thunderbird vulnerabilities | cvebase