[MFSA-2022-12] Security Vulnerabilities fixed in Thunderbird 91.7
In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.
CVE-2022-26381: Use-after-free in text reflows (high)
An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash.CVE-2022-26383: Browser window spoof using fullscreen mode (high)
When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification.CVE-2022-26384: iframe allow-scripts sandbox bypass (high)
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox.CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users (low)
Previously Thunderbird for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior was changed to download them to <code>/tmp</code> where they could be affected by other local users. This behavior was reverted to the original, user-specific directory.
This bug only affects Thunderbird for macOS and Linux. Other operating systems are unaffected.CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures (high)
When installing an add-on, Thunderbird verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Thunderbird would not have noticed.
Package | Affected Version |
---|---|
pkg:mozilla/Thunderbird | < 91.7 |
Package | Fixed Version |
---|---|
pkg:mozilla/Thunderbird | = 91.7 |
- ID
- MFSA-2022-12
- Severity
- high
- URL
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-12
- Published
-
2022-03-08T00:00:00
(2 years ago) - Modified
-
2022-03-08T00:00:00
(2 years ago) - Other Advisories
-
- ALAS2-2022-1779
- ALPINE:CVE-2022-26381
- ALPINE:CVE-2022-26383
- ALPINE:CVE-2022-26384
- ALPINE:CVE-2022-26386
- ALPINE:CVE-2022-26387
- ALSA-2022:0818
- ALSA-2022:0845
- DSA-5097-1
- DSA-5106-1
- ELSA-2022-0818
- ELSA-2022-0824
- ELSA-2022-0845
- ELSA-2022-0850
- GLSA-202208-08
- GLSA-202208-14
- MFSA-2022-10
- MFSA-2022-11
- openSUSE-SU-2022:0821-1
- openSUSE-SU-2022:0906-1
- RHSA-2022:0818
- RHSA-2022:0824
- RHSA-2022:0845
- RHSA-2022:0850
- SSA:2022-068-01
- SUSE-SU-2022:0819-1
- SUSE-SU-2022:0821-1
- SUSE-SU-2022:0822-1
- SUSE-SU-2022:0906-1
- USN-5321-1
- USN-5321-2
- USN-5345-1
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 1736243 | https://bugzilla.mozilla.org/show_bug.cgi?id=1736243 | |
Bugzilla | 1742421 | https://bugzilla.mozilla.org/show_bug.cgi?id=1742421 | |
Bugzilla | 1744352 | https://bugzilla.mozilla.org/show_bug.cgi?id=1744352 | |
Bugzilla | 1752396 | https://bugzilla.mozilla.org/show_bug.cgi?id=1752396 | |
Bugzilla | 1752979 | https://bugzilla.mozilla.org/show_bug.cgi?id=1752979 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:mozilla/Thunderbird | Thunderbird | < 91.7 | ||||
Fixed | pkg:mozilla/Thunderbird | Thunderbird | = 91.7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |