Mozilla Thunderbird vulnerabilities

CVE-2022-31742 [MEDIUM] CWE-203 CVE-2022-31742: An attacker could have exploited a timing attack by sending a large number of allowCredential entrie An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR

CVE-2022-34478 [MEDIUM] CWE-601 CVE-2022-34478: The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the us

CVE-2022-22754 [MEDIUM] CWE-863 CVE-2022-22754: If a user installed an extension of a particular type, the extension could have auto-updated itself If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

CVE-2022-2226 [MEDIUM] CWE-294 CVE-2022-2226: An OpenPGP digital signature includes information about the date when the signature was created. Whe An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an attacker performed a replay attack, in which an old emai

CVE-2022-3032 [MEDIUM] CWE-610 CVE-2022-3032: When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdo When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Th

CVE-2022-45420 [MEDIUM] CWE-1021 CVE-2022-45420: Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

CVE-2022-26383 [MEDIUM] CWE-451 CVE-2022-26383: When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

CVE-2022-28286 [MEDIUM] CWE-1021 CVE-2022-28286: Due to a layout change, iframe contents could have been rendered outside of its border. This could h Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.

CVE-2021-4126 [MEDIUM] CVE-2021-4126: When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message l When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression that the additional contents were also covered by the digital signature. Starting

CVE-2022-1834 [MEDIUM] CWE-295 CVE-2022-1834: When displaying the sender of an email, and the sender name contained the Braille Pattern Blank spac When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown with an arbitrary sender email address chosen by the att

CVE-2022-22760 [MEDIUM] CWE-209 CVE-2022-22760: When importing resources using Web Workers, error messages would distinguish the difference between When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

CVE-2022-22746 [MEDIUM] CWE-362 CVE-2022-22746: A race condition could have allowed bypassing the fullscreen notification which could have lead to a A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

CVE-2022-46875 [MEDIUM] CWE-287 CVE-2022-46875: The executable file warning was not presented when downloading .atloc and .ftploc files, which can r The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. *Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.

CVE-2022-42930 [HIGH] CVE-2022-42930: If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. This vulnerability affects Firefox < 106.

CVE-2022-42931 [LOW] CVE-2022-42931: Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. Instead, the username (not password) was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox < 106.

CVE-2022-38475 [MEDIUM] CVE-2022-38475: An attacker could have written a value to the first element in a zero-length JavaScript array An attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the value was not written to an invalid memory address. This vulnerability affects Firefox < 104.

CVE-2022-36320 [CRITICAL] CVE-2022-36320: Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102 Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 103.

CVE-2022-36315 [MEDIUM] CVE-2022-36315: When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with inc When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox < 103.

CVE-2022-36316 [MEDIUM] CVE-2022-36316: When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103.

CVE-2022-34480 [HIGH] CVE-2022-34480: Within the lg_init() function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being a Within the lg_init() function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox < 102.