Mozilla Thunderbird vulnerabilities
1,818 known vulnerabilities affecting mozilla/thunderbird.
Total CVEs: 1,818
CISA KEV: 14 (actively exploited)
Public exploits: 58
Exploited in wild: 18
Severity breakdown: CRITICAL 612, HIGH 551, MEDIUM 626, LOW 29
Vulnerabilities
Page 31 of 91
CVE-2022-38472 | MEDIUM | CVSS 6.5 | CWE-346 | fixed in 91.13; affected ≥ 102.0, < 102.2 (+2 more) | 2022-12-22
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR <
Sources: NVD, OSV

CVE-2022-45408 | MEDIUM | CVSS 6.5 | CWE-79 | fixed in 102.5; affected ≥ unspecified, < 102.5 | 2022-12-22
Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Sources: NVD, OSV

CVE-2022-40957 | MEDIUM | CVSS 6.5 | CWE-240 | fixed in 102.3; affected ≥ unspecified, < 102.3 | 2022-12-22
Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash. *This bug only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
Sources: NVD, OSV

CVE-2022-46877 | MEDIUM | CVSS 4.3 | affected ≥ 0, < 1:102.8.0-1~deb11u1; ≥ 0, < 1:102.7.1-1 | 2022-12-22
By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108.
Source: OSV

CVE-2022-26386 | MEDIUM | CVSS 6.5 | CWE-377 | fixed in 91.7; affected ≥ unspecified, < 91.7 | 2022-12-22
Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior was reverted to the original, user-specific directory. *This bug only affects Firefox for macOS and Linux. Other operating
Sources: NVD, OSV

CVE-2022-36314 | MEDIUM | CVSS 5.5 | CWE-427 | fixed in 102.1; affected ≥ unspecified, < 102.1 | 2022-12-22
When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. *This bug only affects Firefox for Windows. Other operating systems are unaffected.* This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.
Sources: NVD, OSV

CVE-2022-45405 | MEDIUM | CVSS 6.5 | CWE-416 | fixed in 102.5; affected ≥ unspecified, < 102.5 | 2022-12-22
Freeing arbitrary nsIInputStream objects on a thread other than the one that created them could have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Sources: NVD, OSV

CVE-2022-36318 | MEDIUM | CVSS 5.3 | CWE-362 | fixed in 102.1; fixed in 91.12 (+2 more) | 2022-12-22
When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.
Sources: NVD, OSV

CVE-2022-40958 | MEDIUM | CVSS 6.5 | CWE-74 | fixed in 102.3; affected ≥ unspecified, < 102.3 | 2022-12-22
By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
Sources: NVD, OSV

CVE-2022-45416 | MEDIUM | CVSS 6.5 | CWE-203 | fixed in 102.5; affected ≥ unspecified, < 102.5 | 2022-12-22
Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Sources: NVD, OSV

CVE-2022-40960 | MEDIUM | CVSS 6.5 | CWE-416 | fixed in 102.3; affected ≥ unspecified, < 102.3 | 2022-12-22
Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
Sources: NVD, OSV

CVE-2022-42929 | MEDIUM | CVSS 6.5 | CWE-400 | fixed in 102.4; affected ≥ unspecified, < 102.4 | 2022-12-22
If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.
Sources: NVD, OSV

CVE-2022-22745 | MEDIUM | CVSS 6.5 | CWE-200 | fixed in 91.5; affected ≥ unspecified, < 91.5 | 2022-12-22
`securitypolicyviolation` events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Sources: NVD, OSV

CVE-2022-1520 | MEDIUM | CVSS 4.3 | CWE-346 | fixed in 91.9; affected ≥ unspecified, < 91.9 | 2022-12-22
When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message A might be shown with the security status of message B. This
Sources: NVD, OSV

CVE-2022-3266 | MEDIUM | CVSS 5.5 | CWE-125 | fixed in 102.3; affected ≥ unspecified, < 102.3 | 2022-12-22
An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
Sources: NVD, OSV

CVE-2022-45404 | MEDIUM | CVSS 6.5 | CWE-451 | fixed in 102.5; affected ≥ unspecified, < 102.5 | 2022-12-22
Through a series of popup and `window.print()` calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Sources: NVD, OSV

CVE-2022-31738 | MEDIUM | CVSS 6.5 | CWE-290 | fixed in 91.10; affected ≥ unspecified, < 91.10 | 2022-12-22
When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Sources: NVD, OSV

CVE-2022-3034 | MEDIUM | CVSS 4.3 | CWE-1021 | fixed in 91.31.1; affected ≥ 102.0, < 102.2.1 (+2 more) | 2022-12-22
When receiving an HTML email that specified to load an `iframe` element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
Sources: NVD, OSV

CVE-2022-28282 | MEDIUM | CVSS 6.5 | CWE-416 | fixed in 91.8; affected ≥ unspecified, < 91.8 | 2022-12-22
By using a link with `rel="localization"`, a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
Sources: NVD, OSV

CVE-2022-22742 | MEDIUM | CVSS 6.5 | CWE-125 | fixed in 91.5; affected ≥ unspecified, < 91.5 | 2022-12-22
When inserting text while in edit mode, some characters might have led to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Sources: NVD, OSV