Debian Thunderbird vulnerabilities

931 known vulnerabilities affecting debian/thunderbird.

Total CVEs: 931
CISA KEV: 10 (actively exploited)
Public exploits: 18
Exploited in wild: 13
Severity breakdown: CRITICAL 166, HIGH 358, MEDIUM 317, LOW 90

Vulnerabilities

CVE-2022-22737 | HIGH | CVSS 7.5 | fixed in firefox 96.0-1 (sid) | 2022
Constructing audio sinks could have led to a race condition when playing audio files and closing windows. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Scope: local; sid: resolved (fixed in 96.0-1)
CVE-2022-22756 | HIGH | CVSS 8.8 | fixed in firefox 97.0-1 (sid) | 2022
If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Scope: local; sid: resolved (fixed in 97.0-1)
CVE-2022-31740 | HIGH | CVSS 8.8 | fixed in firefox 101.0-1 (sid) | 2022
On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Scope: local; sid: resolved (fixed in 101.0-1)
CVE-2022-1097 | MEDIUM | CVSS 6.5 | fixed in firefox 99.0-1 (sid) | 2022
NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Scope: local; sid: resolved (fixed in 99.0-1)
CVE-2022-3034 | MEDIUM | CVSS 4.3 | fixed in thunderbird 1:102.2.1-1 (bookworm) | 2022
When receiving an HTML email that specified to load an iframe element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1. Scope: local; bookworm: resolved (fixed in 1:102.2.1-1); bullseye: resolved; forky: resolved (fixed in 1
CVE-2022-1834 | MEDIUM | CVSS 6.5 | fixed in thunderbird 1:91.10.0-1 (bookworm) | 2022
When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown with an arbitrary sender email address chosen by the attacker. If t
CVE-2022-28285 | MEDIUM | CVSS 6.5 | fixed in firefox 99.0-1 (sid) | 2022
When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Scope: local; sid: resolved (fixed in 99.0-1)
CVE-2022-40957 | MEDIUM | CVSS 6.5 | fixed in firefox 105.0-1 (sid) | 2022
Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash. This bug only affects Firefox on ARM64 platforms. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Scope: local; sid: resolved (fixed in 105.0-1)
CVE-2022-22742 | MEDIUM | CVSS 6.5 | fixed in firefox 96.0-1 (sid) | 2022
When inserting text while in edit mode, some characters might have led to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Scope: local; sid: resolved (fixed in 96.0-1)
CVE-2022-45411 | MEDIUM | CVSS 6.1 | fixed in firefox 107.0-1 (sid) | 2022
Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on fetch() and XMLHttpRequest; however some webservers have implemented non-standard headers
CVE-2022-22745 | MEDIUM | CVSS 6.5 | fixed in firefox 96.0-1 (sid) | 2022
Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Scope: local; sid: resolved (fixed in 96.0-1)
CVE-2022-34479 | MEDIUM | CVSS 6.5 | fixed in firefox 102.0-1 (sid) | 2022
A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. This bug only affects Thunderbird for Linux. Other operating systems are unaffected. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbi
CVE-2022-31744 | MEDIUM | CVSS 6.5 | fixed in firefox 101.0-1 (sid) | 2022
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101. Scope: local; sid: resolved (fixed in 101.0-1)
CVE-2022-45410 | MEDIUM | CVSS 6.5 | fixed in firefox 107.0-1 (sid) | 2022
When a ServiceWorker intercepted a request with FetchEvent, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Scope: local; sid: resol
CVE-2022-45405 | MEDIUM | CVSS 6.5 | fixed in firefox 107.0-1 (sid) | 2022
Freeing arbitrary nsIInputStream's on a different thread than creation could have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Scope: local; sid: resolved (fixed in 107.0-1)
CVE-2022-26386 | MEDIUM | CVSS 6.5 | fixed in firefox-esr 91.7.0esr-1 (bookworm) | 2022
Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior was reverted to the original, user-specific directory. This bug only affects Firefox for macOS and Linux. Other operating systems are
CVE-2022-22748 | MEDIUM | CVSS 6.5 | fixed in firefox 96.0-1 (sid) | 2022
Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Scope: local; sid: resolved (fixed in 96.0-1)
CVE-2022-40959 | MEDIUM | CVSS 6.5 | fixed in firefox 105.0-1 (sid) | 2022
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Scope: local; sid: resolved (fixed in 105.0-1)
CVE-2022-45418 | MEDIUM | CVSS 6.1 | fixed in firefox 107.0-1 (sid) | 2022
If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Scope: local; sid: resolved (fixed in 107.0-1)
CVE-2022-28286 | MEDIUM | CVSS 5.4 | fixed in firefox 99.0-1 (sid) | 2022
Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Scope: local; sid: resolved (fixed in 99.0-1)