Debian Thunderbird vulnerabilities

931 known vulnerabilities affecting debian/thunderbird.

Total CVEs: 931
CISA KEV: 10 (actively exploited)
Public exploits: 18
Exploited in wild: 13
Severity breakdown: CRITICAL 166, HIGH 358, MEDIUM 317, LOW 90

Vulnerabilities

Page 27 of 47
CVE-2022-45420 | MEDIUM | CVSS 6.5 | fixed in firefox 107.0-1 (sid) | 2022 | source: debian
[MEDIUM] firefox: Using tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Scope: local | sid: resolved (fixed in 107.0-1)
CVE-2022-45408 | MEDIUM | CVSS 6.5 | fixed in firefox 107.0-1 (sid) | 2022 | source: debian
[MEDIUM] firefox: Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Scope: local | sid: resolved (fixed in 107.0-1)
CVE-2022-22739 | MEDIUM | CVSS 6.5 | fixed in firefox 96.0-1 (sid) | 2022 | source: debian
[MEDIUM] firefox: Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Scope: local | sid: resolved (fixed in 96.0-1)
CVE-2022-46880 | MEDIUM | CVSS 6.5 | fixed in firefox 105.0-1 (sid) | 2022 | source: debian
[MEDIUM] firefox: A missing check related to tex units could have led to a use-after-free and potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6. Scop
CVE-2022-29916 | MEDIUM | CVSS 6.5 | fixed in firefox 100.0-1 (sid) | 2022 | source: debian
[MEDIUM] firefox: Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
Scope: local | sid: resolved (fixed in 100.0-1)
CVE-2022-34472 | MEDIUM | CVSS 4.3 | fixed in firefox 102.0-1 (sid) | 2022 | source: debian
[MEDIUM] firefox: If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Scope: local | sid: resolved (fixed in 102.0-1)
CVE-2022-22754 | MEDIUM | CVSS 6.5 | fixed in firefox 97.0-1 (sid) | 2022 | source: debian
[MEDIUM] firefox: If a user installed an extension of a particular type, the extension could have auto-updated itself and, while doing so, bypassed the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
Scope: local | sid: resolved (fixed in 97.0-1)
CVE-2022-40960 | MEDIUM | CVSS 6.5 | fixed in firefox 105.0-1 (sid) | 2022 | source: debian
[MEDIUM] firefox: Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
Scope: local | sid: resolved (fixed in 105.0-1)
CVE-2022-40958 | MEDIUM | CVSS 6.5 | fixed in firefox 105.0-1 (sid) | 2022 | source: debian
[MEDIUM] firefox: By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
Scope: local | sid: resolved (fixed in 105.0-1)
CVE-2022-29914 | MEDIUM | CVSS 6.5 | fixed in firefox 100.0-1 (sid) | 2022 | source: debian
[MEDIUM] firefox: When reusing existing popups, Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
Scope: local | sid: resolved (fixed in 100.0-1)
CVE-2022-46877 | MEDIUM | CVSS 4.3 | fixed in firefox 108.0-1 (sid) | 2022 | source: debian
[MEDIUM] firefox: By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108.
Scope: local | sid: resolved (fixed in 108.0-1)
CVE-2022-2226 | MEDIUM | CVSS 6.5 | fixed in thunderbird 1:91.11.0-1 (bookworm) | 2022 | source: debian
[MEDIUM] thunderbird: An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an attacker performed a replay attack, in which an old email with old
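The check that CVE-2022-2226 describes as missing, written out as an added example (not Thunderbird's code and not taken from this tracker): pull the creation time out of an OpenPGP v4 signature packet and compare it with the message's Date header. The packet bytes are constructed inline with a dummy MPI (it is not a valid signature, only its metadata matters here), the 24-hour tolerance is this example's assumption rather than Thunderbird's actual policy, and the creation time is read only from the hashed subpacket area, because the unhashed area is not covered by the signature and could be rewritten by whoever replays the message.

```python
import email.utils
from datetime import datetime, timedelta, timezone

# OpenPGP subpacket types (RFC 4880 section 5.2.3.1)
SUBPACKET_CREATION_TIME = 2
SUBPACKET_ISSUER = 16


def build_signature_packet(created: int, issuer_key_id: bytes) -> bytes:
    """Constructed minimal new-format v4 signature packet.  The hashed area
    carries the issuer key ID *before* the creation time, so the parser has to
    skip a subpacket.  The MPI is a placeholder: this is test data, not a
    signature anyone could verify."""
    assert len(issuer_key_id) == 8
    hashed = (
        bytes([1 + 8, SUBPACKET_ISSUER]) + issuer_key_id
        + bytes([1 + 4, SUBPACKET_CREATION_TIME]) + created.to_bytes(4, "big")
    )
    body = (
        bytes([4, 0x01, 1, 8])                       # v4, canonical-text sig, RSA, SHA-256
        + len(hashed).to_bytes(2, "big") + hashed    # hashed subpackets (signed)
        + (0).to_bytes(2, "big")                     # no unhashed subpackets
        + b"\x00\x00"                                # left 16 bits of hash (dummy)
        + (16).to_bytes(2, "big") + b"\xde\xad"      # dummy 16-bit MPI
    )
    return bytes([0xC2, len(body)]) + body           # new-format header, tag 2


def signature_creation_time(packet: bytes) -> int:
    """Creation time (Unix seconds) taken from the hashed subpackets only."""
    header = packet[0]
    if header & 0xC0 != 0xC0 or header & 0x3F != 2:
        raise ValueError("not a new-format OpenPGP signature packet")
    length = packet[1]
    if length >= 192:
        raise ValueError("multi-octet packet lengths are not handled in this example")
    body = packet[2:2 + length]
    if len(body) != length or body[0] != 4:
        raise ValueError("truncated packet or unsupported signature version")
    hashed_len = int.from_bytes(body[4:6], "big")
    hashed = body[6:6 + hashed_len]
    if len(hashed) != hashed_len:
        raise ValueError("truncated hashed subpacket area")
    i = 0
    while i < len(hashed):
        sp_len = hashed[i]                           # covers type byte + data
        if sp_len == 0 or sp_len >= 192 or i + 1 + sp_len > len(hashed):
            raise ValueError("malformed subpacket")
        sp_type = hashed[i + 1] & 0x7F               # mask the critical bit
        data = hashed[i + 2:i + 1 + sp_len]
        if sp_type == SUBPACKET_CREATION_TIME and len(data) == 4:
            return int.from_bytes(data, "big")
        i += 1 + sp_len
    raise ValueError("no signature creation time in hashed area")


def signature_matches_message_date(date_header: str, packet: bytes,
                                   tolerance: timedelta = timedelta(hours=24)) -> bool:
    """True when the signature was made within `tolerance` of the Date header.
    The tolerance is an assumption of this example; clock skew and queueing
    delays make an exact match unrealistic."""
    msg_date = email.utils.parsedate_to_datetime(date_header)
    if msg_date.tzinfo is None:                      # "-0000" parses as naive
        msg_date = msg_date.replace(tzinfo=timezone.utc)
    sig_date = datetime.fromtimestamp(signature_creation_time(packet), tz=timezone.utc)
    return abs(msg_date - sig_date) <= tolerance


# Constructed inputs: a key ID, a Date header, a signature made two minutes
# before the message was sent, and one replayed from a year earlier.
KEY_ID = bytes.fromhex("0123456789abcdef")
DATE_HEADER = "Tue, 21 Jun 2022 10:00:00 +0000"
FRESH_CREATED = int(datetime(2022, 6, 21, 9, 58, tzinfo=timezone.utc).timestamp())
REPLAYED_CREATED = int(datetime(2021, 3, 1, 8, 0, tzinfo=timezone.utc).timestamp())
FRESH_SIG = build_signature_packet(FRESH_CREATED, KEY_ID)
REPLAYED_SIG = build_signature_packet(REPLAYED_CREATED, KEY_ID)

if __name__ == "__main__":
    print("fresh signature matches Date header:", signature_matches_message_date(DATE_HEADER, FRESH_SIG))
    print("replayed signature matches Date header:", signature_matches_message_date(DATE_HEADER, REPLAYED_SIG))
```

A mismatch on its own does not prove tampering; what it proves is that the signed text was produced at a different time than the message claims, which is exactly the replay case the advisory describes and which a client should surface rather than silently showing a green signature.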
CVE-2022-22747 | MEDIUM | CVSS 6.5 | fixed in firefox 96.0-1 (sid) | 2022 | source: debian
[MEDIUM] firefox: After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Scope: local | sid: resolved (fixed in 96.0-1)
CVE-2022-36318 | MEDIUM | CVSS 5.3 | fixed in firefox 103.0-1 (sid) | 2022 | source: debian
[MEDIUM] firefox: When visiting directory listings for chrome:// URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.
Scope: local | sid: resolved (fixed in 103.0-1)
CVE-2022-36314 | LOW | CVSS 5.5 | 2022 | source: debian
[MEDIUM] firefox: When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This bug only affects Firefox for Windows. Other operating systems are unaffected. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.
Scope: local | sid: reso
CVE-2022-3155 | LOW | CVSS 7.8 | 2022 | source: debian
[HIGH] thunderbird: When saving or opening an email attachment on macOS, Thunderbird did not set the attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm. This vulnerability affects Thunderbird < 102.3.
Scope: local | bookworm: resolved
CVE-2022-22753 | LOW | CVSS 7.1 | 2022 | source: debian
[HIGH] firefox: A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ES
CVE-2022-46875 | LOW | CVSS 6.5 | 2022 | source: debian
[MEDIUM] firefox: The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.
Scope: local | sid: resolved
CVE-2022-22744 | LOW | CVSS 8.8 | 2022 | source: debian
[HIGH] firefox: The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have led to command injection if pasted into a PowerShell prompt. This bug only affects Thunderbird for Windows. Other operating systems are unaffected. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Sc
CVE-2022-34478 | LOW | CVSS 6.5 | Exploited | 2022 | source: debian
[MEDIUM] firefox: The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open the