Mozilla Thunderbird vulnerabilities

1,818 known vulnerabilities affecting mozilla/thunderbird.

Total CVEs: 1,818
CISA KEV: 14 (actively exploited)
Public exploits: 58
Exploited in wild: 18
Severity breakdown: CRITICAL 612, HIGH 551, MEDIUM 626, LOW 29

Vulnerabilities

Page 27 of 91
CVE-2021-4140 | CRITICAL | CVSS 10.0 | fixed in 91.5 | affected: ≥ unspecified, < 91.5 | 2022-12-22
CWE-91: It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Sources: NVD, OSV
CVE-2022-34470 | CRITICAL | CVSS 9.8 | fixed in 91.11 | affected: ≥ unspecified, < 102 (+1 more) | 2022-12-22
CWE-416: Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Sources: NVD, OSV
CVE-2022-31747 | CRITICAL | CVSS 9.8 | fixed in 91.10 | affected: ≥ unspecified, < 91.10 | 2022-12-22
CWE-125: Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thund
Sources: NVD, OSV
CVE-2022-22759 | CRITICAL | CVSS 9.6 | fixed in 91.6 | affected: ≥ unspecified, < 91.6 | 2022-12-22
CWE-693: If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler, the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
Sources: NVD, OSV
CVE-2022-26384 | CRITICAL | CVSS 9.6 | fixed in 91.7 | affected: ≥ unspecified, < 91.7 | 2022-12-22
CWE-693: If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
Sources: NVD, OSV
CVE-2022-31737 | CRITICAL | CVSS 9.8 | fixed in 91.10 | affected: ≥ unspecified, < 91.10 | 2022-12-22
CWE-787: A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Sources: NVD, OSV
CVE-2021-4127 | CRITICAL | CVSS 9.8 | fixed in 78.9.0 | affected: ≥ unspecified, < 78.9 | 2022-12-22
An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9.
Sources: NVD, OSV
CVE-2022-46882 | CRITICAL | CVSS 9.8 | fixed in 102.6 | affected: ≥ unspecified, < 102.6 | 2022-12-22
CWE-416: A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6.
Sources: NVD, OSV
CVE-2022-22740 | HIGH | CVSS 8.8 | fixed in 91.5 | affected: ≥ unspecified, < 91.5 | 2022-12-22
CWE-416: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Sources: NVD, OSV
CVE-2022-31739 | HIGH | CVSS 8.8 | fixed in 91.10 | affected: ≥ unspecified, < 91.10 | 2022-12-22
CWE-73: When downloading files on Windows, the % character was not escaped, which could have led to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. *This bug only affects Firefox for Windows. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 91.10, Firefox < 1
Source: NVD
CVE-2022-34484 | HIGH | CVSS 8.8 | fixed in 91.11 | affected: ≥ unspecified, < 102 (+1 more) | 2022-12-22
CWE-416: The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Sources: NVD, OSV
CVE-2022-46881 | HIGH | CVSS 8.8 | fixed in 102.6 | affected: ≥ unspecified, < 102.6 | 2022-12-22
CWE-787: An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106, Firefox ESR <
Sources: NVD, OSV
CVE-2022-42932 | HIGH | CVSS 8.8 | fixed in 102.4 | affected: ≥ unspecified, < 102.4 | 2022-12-22
CWE-787: Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106, Firefox ESR < 102.4
Sources: NVD, OSV
CVE-2022-3033 | HIGH | CVSS 8.1 | fixed in 91.13.1 | affected: ≥ 102.0, < 102.2.1 (+1 more) | 2022-12-22
CWE-79: If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute, and the content attribute specifying a URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. In combination with certain other HTML elements and attribut
Sources: NVD, OSV
CVE-2022-22763 | HIGH | CVSS 8.8 | fixed in 91.6 | affected: ≥ unspecified, < 91.6 | 2022-12-22
CWE-362: When a worker is shut down, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6.
Sources: NVD, OSV
CVE-2022-29909 | HIGH | CVSS 8.8 | fixed in 91.9 | affected: ≥ unspecified, < 91.9 | 2022-12-22
CWE-276: Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
Sources: NVD, OSV
CVE-2022-2200 | HIGH | CVSS 8.8 | fixed in 91.11 | affected: ≥ unspecified, < 102 (+1 more) | 2022-12-22
CWE-1321: If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Sources: NVD, OSV
CVE-2022-22751 | HIGH | CVSS 8.8 | fixed in 91.5 | affected: ≥ unspecified, < 91.5 | 2022-12-22
CWE-787: Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited t
Sources: NVD, OSV
CVE-2022-36319 | HIGH | CVSS 7.5 | fixed in 102.1, fixed in 91.12 (+2 more) | 2022-12-22
CWE-1021: When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.
Sources: NVD, OSV
CVE-2022-46872 | HIGH | CVSS 8.6 | fixed in 102.6 | affected: ≥ unspecified, < 102.6 | 2022-12-22
CWE-125: An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. *This bug only affects Thunderbird for Linux. Other operating systems are unaffected.* This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.
Sources: NVD, OSV