Debian Thunderbird vulnerabilities
931 known vulnerabilities affecting debian/thunderbird.
Total CVEs: 931
CISA KEV: 10 (actively exploited)
Public exploits: 18
Exploited in wild: 13
Severity breakdown: CRITICAL 166, HIGH 358, MEDIUM 317, LOW 90
Vulnerabilities
Page 26 of 47
CVE-2022-1520 | MEDIUM | CVSS 4.3 | fixed in thunderbird 1:91.9.0-1 (bookworm) | 2022
When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message A might be shown with the security status of message B. This vulnerabil
Source: debian
CVE-2022-29911 | MEDIUM | CVSS 6.1 | fixed in firefox 100.0-1 (sid) | 2022
An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
Scope: local
sid: resolved (fixed in 100.0-1)
Source: debian
CVE-2022-26383 | MEDIUM | CVSS 4.3 | fixed in firefox 98.0-1 (sid) | 2022
When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
Scope: local
sid: resolved (fixed in 98.0-1)
Source: debian
CVE-2022-42929 | MEDIUM | CVSS 6.5 | fixed in firefox 106.0-1 (sid) | 2022
If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.
Scope: local
sid: resolved (fixed in 106.0-1)
Source: debian
CVE-2022-40956 | MEDIUM | CVSS 6.1 | fixed in firefox 105.0-1 (sid) | 2022
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
Scope: local
sid: resolved (fixed in 105.0-1)
Source: debian
CVE-2022-29912 | MEDIUM | CVSS 6.1 | fixed in firefox 100.0-1 (sid) | 2022
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
Scope: local
sid: resolved (fixed in 100.0-1)
Source: debian
CVE-2022-22743 | MEDIUM | CVSS 4.3 | fixed in firefox 96.0-1 (sid) | 2022
When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Scope: local
sid: resolved (fixed in 96.0-1)
Source: debian
CVE-2022-31738 | MEDIUM | CVSS 6.5 | fixed in firefox 101.0-1 (sid) | 2022
When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Scope: local
sid: resolved (fixed in 101.0-1)
Source: debian
CVE-2022-45403 | MEDIUM | CVSS 6.5 | fixed in firefox 107.0-1 (sid) | 2022
Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Scope: local
sid: resolved (fixed
Source: debian
CVE-2022-45416 | MEDIUM | CVSS 6.5 | fixed in firefox 107.0-1 (sid) | 2022
Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Scope: local
sid: resolved (fixed in 107.0-1)
Source: debian
CVE-2022-29913 | MEDIUM | CVSS 6.5 | fixed in thunderbird 1:91.9.0-1 (bookworm) | 2022
The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. This vulnerability affects Thunderbird < 91.9.
Scope: local
bookworm: resolved (fixed in 1:91.9.0-1)
bullseye: resolved (fixed in 1:91.9.0-1~deb11u1)
forky: resolved (fixed in 1:91.9.0-1)
sid: resolved (fixed in 1:91.9.
Source: debian
CVE-2022-1196 | MEDIUM | CVSS 6.5 | fixed in firefox-esr 91.8.0esr-1 (bookworm) | 2022
After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8 and Firefox ESR < 91.8.
Scope: local
bookworm: resolved (fixed in 91.8.0esr-1)
bullseye: resolved (fixed in 91.8.0esr-1~deb11u1)
forky: resolved (fixed in 91.8.0esr-1)
sid
Source: debian
CVE-2022-3032 | MEDIUM | CVSS 6.5 | fixed in thunderbird 1:102.2.1-1 (bookworm) | 2022
When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird <
Source: debian
CVE-2022-1197 | MEDIUM | CVSS 5.4 | fixed in thunderbird 1:91.8.0-1 (bookworm) | 2022
When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. Revocation statements that used another revocation reason, or that didn't specify a revocation reason, were unaffected. This vulnerability affects Thun
Source: debian
CVE-2022-31742 | MEDIUM | CVSS 6.5 | fixed in firefox 101.0-1 (sid) | 2022
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Scope
Source: debian
CVE-2022-28282 | MEDIUM | CVSS 6.5 | fixed in firefox 99.0-1 (sid) | 2022
By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
Scope: local
sid: resolved (fixed in 99.0-1)
Source: debian
CVE-2022-45404 | MEDIUM | CVSS 6.5 | fixed in firefox 107.0-1 (sid) | 2022
Through a series of popup and window.print() calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Scope: local
sid: resolved (fixed in 107.0-1)
Source: debian
CVE-2022-38472 | MEDIUM | CVSS 6.5 | fixed in firefox 104.0-1 (sid) | 2022
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Fir
Source: debian
CVE-2022-22760 | MEDIUM | CVSS 6.5 | fixed in firefox 97.0-1 (sid) | 2022
When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
Scope: local
sid: resolved (fixed in 97.0-1)
Source: debian
CVE-2022-3266 | MEDIUM | CVSS 5.5 | fixed in firefox 105.0-1 (sid) | 2022
An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
Scope: local
sid: resolved (fixed in 105.0-1)
Source: debian