Mozilla Mozilla

Do you want an email whenever new security vulnerabilities are reported in any Mozilla product?

Products by Mozilla Sorted by Most Security Vulnerabilities since 2018

Mozilla Firefox809 vulnerabilities
Open source web browser

Mozilla Thunderbird521 vulnerabilities
Email client

Mozilla SeaMonkey186 vulnerabilities
Browser, email and newsgroup client

Mozilla Thunderbird Esr107 vulnerabilities

Mozilla Firefox Mobile19 vulnerabilities

Mozilla Bleach5 vulnerabilities

Mozilla4 vulnerabilities

Mozilla Nss3 vulnerabilities

Mozilla Geckodriver2 vulnerabilities

Mozilla Pollbot2 vulnerabilities

Mozilla Vpn2 vulnerabilities

Mozilla Firefox Focus2 vulnerabilities

Mozilla Convict2 vulnerabilities

Mozilla Camino2 vulnerabilities

Mozilla Webthings Gateway2 vulnerabilities

Mozilla Nss Esr1 vulnerability

Mozilla Mozjpeg1 vulnerability

Mozilla Vpn1 vulnerability

Mozilla Hubs Cloud1 vulnerability

Mozilla Hawk1 vulnerability

Mozilla Firefox Os1 vulnerability

Mozilla Bugzilla1 vulnerability

Recent Mozilla Security Advisories

Advisory Title Published
mfsa2023-09 Security Vulnerabilities fixed in Firefox 111 mfsa2023-09 March 14, 2023
mfsa2023-10 Security Vulnerabilities fixed in Firefox ESR 102.9 mfsa2023-10 March 14, 2023
mfsa2023-11 Security Vulnerabilities fixed in Thunderbird 102.9 mfsa2023-11 March 14, 2023
mfsa2023-08 Security Vulnerabilities fixed in Firefox for Android 110.1.0 mfsa2023-08 February 28, 2023
mfsa2023-07 Security Vulnerabilities fixed in Thunderbird 102.8 mfsa2023-07 February 15, 2023
mfsa2023-05 Security Vulnerabilities fixed in Firefox 110 mfsa2023-05 February 14, 2023
mfsa2023-06 Security Vulnerabilities fixed in Firefox ESR 102.8 mfsa2023-06 February 14, 2023
mfsa2023-04 Security Vulnerabilities fixed in Thunderbird 102.7.1 mfsa2023-04 January 23, 2023
mfsa2023-03 Security Vulnerabilities fixed in Thunderbird 102.7 mfsa2023-03 January 18, 2023
mfsa2023-02 Security Vulnerabilities fixed in Firefox ESR 102.7 mfsa2023-02 January 17, 2023

Known Exploited Mozilla Vulnerabilities

The following Mozilla vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Mozilla Firefox Security Feature Bypass Vulnerability Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges. CVE-2015-4495 May 25, 2022
Mozilla Firefox and Thunderbird Type Confusion Vulnerability Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash. CVE-2019-11707 May 23, 2022
Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution. CVE-2019-11708 May 23, 2022
Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service or possibly execute arbitrary code via a crafted web site. CVE-2013-1690 March 28, 2022
Mozilla Firefox Use-After-Free Vulnerability Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution. CVE-2022-26486 March 7, 2022
Mozilla Firefox Use-After-Free Vulnerability Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution. CVE-2022-26485 March 7, 2022
Mozilla Firefox Information Disclosure Vulnerability Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. CVE-2013-1675 March 3, 2022
Mozilla Firefox 74 and Firefox ESR 68.6 nsDocShell vulnerability A race condition can cause a use-after-free when running the nsDocShell destructor. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. CVE-2020-6819 November 3, 2021
Mozilla Firefox 74 and Firefox ESR 68.6 ReadableStream vulnerability A race condition can cause a use-after-free when handling a ReadableStream. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. CVE-2020-6820 November 3, 2021
Mozilla Firefox IonMonkey JIT compiler Type Confusion Vulnerability Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1 CVE-2019-17026 November 3, 2021

@mozilla Tweets

What is the future of Mozilla, ethical tech, and open-source AI tools and practices? Join our first… https://t.co/ldNTm9Ac5L
Tue Mar 21 11:20:01 +0000 2023

We're gearing up for our first #DialoguesandDebates of #mozfest�� Joining in on the chat? Brush up on our community… https://t.co/Tf1mISeydx
Mon Mar 20 15:45:28 +0000 2023

Join in on the conversation at 12pm ET! https://t.co/IV3zsL0viF https://t.co/vLRBH40zKe
Mon Mar 20 15:41:28 +0000 2023

Could introducing friction into AI systems contribute to more empowering futures? #MozillaFellow @bobirakova on "sp… https://t.co/Bn2KzPNiMp
Mon Mar 20 13:51:01 +0000 2023

Join us as we celebrate the opening of #MozFest today at 11am ET�� @jbobalotta and team will discuss the importanc… https://t.co/kiWUxZDn8a
Mon Mar 20 13:05:01 +0000 2023

By the Year

In 2023 there have been 6 vulnerabilities in Mozilla with an average score of 6.9 out of ten. Last year Mozilla had 186 security vulnerabilities published. Right now, Mozilla is on track to have less security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 0.52

Year Vulnerabilities Average Score
2023 6 6.92
2022 186 7.44
2021 158 7.11
2020 180 7.26
2019 144 7.67
2018 128 7.64

It may take a day or so for new Mozilla vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Mozilla Security Vulnerabilities

The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification

CVE-2020-12413 5.9 - Medium - February 16, 2023

The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites.

Side Channel Attack

Scanning a QR code that contained a javascript: URL

CVE-2019-17003 6.1 - Medium - February 16, 2023

Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed.

XSS

bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS)

CVE-2020-6817 7.5 - High - February 16, 2023

bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

ReDoS

Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages

CVE-2021-43529 9.8 - Critical - February 16, 2023

Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS signatures.

Memory Corruption

There was an open redirection vulnerability pollbot

CVE-2022-0637 6.1 - Medium - February 16, 2023

There was an open redirection vulnerability pollbot, which was used in https://pollbot.services.mozilla.com/ and https://pollbot.stage.mozaws.net/ An attacker could have redirected anyone to malicious sites.

Open Redirect

A mutation XSS affects users calling bleach.clean with all of: svg or math in the

CVE-2021-23980 6.1 - Medium - February 16, 2023

A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

XSS

Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash

CVE-2022-40957 6.5 - Medium - December 22, 2022

Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

An attacker could have exploited a timing attack by sending a large number of

CVE-2022-31742 6.5 - Medium - December 22, 2022

An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead

CVE-2022-40956 6.1 - Medium - December 22, 2022

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

XSS

By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies

CVE-2022-40958 6.5 - Medium - December 22, 2022

By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

Injection

Concurrent use of the URL parser with non-UTF-8 data was not thread-safe

CVE-2022-40960 6.5 - Medium - December 22, 2022

Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

Dangling pointer

During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass

CVE-2022-40959 6.5 - Medium - December 22, 2022

During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

Insecure Storage of Sensitive Information

When receiving an HTML email

CVE-2022-3034 4.3 - Medium - December 22, 2022

When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.

Clickjacking

When receiving an HTML email

CVE-2022-3032 6.5 - Medium - December 22, 2022

When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.

AuthZ

If a Thunderbird user replied to a crafted HTML email containing a <code>meta</code> tag, with the <code>meta</code> tag having the <code>http-equiv="refresh"</code> attribute, and the content attribute specifying an URL, then Thunderbird started a network request to

CVE-2022-3033 8.1 - High - December 22, 2022

If a Thunderbird user replied to a crafted HTML email containing a <code>meta</code> tag, with the <code>meta</code> tag having the <code>http-equiv="refresh"</code> attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. In combination with certain other HTML elements and attributes in the email, it was possible to execute JavaScript code included in the message in the context of the message compose document. The JavaScript code was able to perform actions including, but probably not limited to, read and modify the contents of the message compose document, including the quoted original message, which could potentially contain the decrypted plaintext of encrypted data in the crafted email. The contents could then be transmitted to the network, either to the URL specified in the META refresh tag, or to a different URL, as the JavaScript code could modify the URL specified in the document. This bug doesn't affect users who have changed the default Message Body display setting to 'simple html' or 'plain text'. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.

Code Injection

When receiving an HTML email

CVE-2022-3034 4.3 - Medium - December 22, 2022

When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.

Clickjacking

When receiving an HTML email

CVE-2022-3032 6.5 - Medium - December 22, 2022

When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.

AuthZ

If a Thunderbird user replied to a crafted HTML email containing a <code>meta</code> tag, with the <code>meta</code> tag having the <code>http-equiv="refresh"</code> attribute, and the content attribute specifying an URL, then Thunderbird started a network request to

CVE-2022-3033 8.1 - High - December 22, 2022

If a Thunderbird user replied to a crafted HTML email containing a <code>meta</code> tag, with the <code>meta</code> tag having the <code>http-equiv="refresh"</code> attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. In combination with certain other HTML elements and attributes in the email, it was possible to execute JavaScript code included in the message in the context of the message compose document. The JavaScript code was able to perform actions including, but probably not limited to, read and modify the contents of the message compose document, including the quoted original message, which could potentially contain the decrypted plaintext of encrypted data in the crafted email. The contents could then be transmitted to the network, either to the URL specified in the META refresh tag, or to a different URL, as the JavaScript code could modify the URL specified in the document. This bug doesn't affect users who have changed the default Message Body display setting to 'simple html' or 'plain text'. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.

Code Injection

Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12

CVE-2022-38478 8.8 - High - December 22, 2022

Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.

Memory Corruption

Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1

CVE-2022-38477 8.8 - High - December 22, 2022

Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.2, Thunderbird < 102.2, and Firefox < 104.

Memory Corruption

A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability

CVE-2022-38476 7.5 - High - December 22, 2022

A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability affects Firefox ESR < 102.2 and Thunderbird < 102.2.

Dangling pointer

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access)

CVE-2022-38473 8.8 - High - December 22, 2022

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.

Improper Preservation of Permissions

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin

CVE-2022-38472 6.5 - Medium - December 22, 2022

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.

Origin Validation Error

Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12

CVE-2022-38478 8.8 - High - December 22, 2022

Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.

Memory Corruption

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access)

CVE-2022-38473 8.8 - High - December 22, 2022

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.

Improper Preservation of Permissions

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin

CVE-2022-38472 6.5 - Medium - December 22, 2022

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.

Origin Validation Error

Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12

CVE-2022-38478 8.8 - High - December 22, 2022

Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.

Memory Corruption

Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1

CVE-2022-38477 8.8 - High - December 22, 2022

Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.2, Thunderbird < 102.2, and Firefox < 104.

Memory Corruption

An attacker could have written a value to the first element in a zero-length JavaScript array

CVE-2022-38475 6.5 - Medium - December 22, 2022

An attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the value was not written to an invalid memory address. This vulnerability affects Firefox < 104.

AuthZ

A website that had permission to access the microphone could record audio without the audio notification being shown

CVE-2022-38474 4.3 - Medium - December 22, 2022

A website that had permission to access the microphone could record audio without the audio notification being shown. This bug does not allow the attacker to bypass the permission prompt - it only affects the notification shown once permission has been granted.<br />*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 104.

Exposure of Resource to Wrong Sphere

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access)

CVE-2022-38473 8.8 - High - December 22, 2022

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.

Improper Preservation of Permissions

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin

CVE-2022-38472 6.5 - Medium - December 22, 2022

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.

Origin Validation Error

Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12

CVE-2022-38478 8.8 - High - December 22, 2022

Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.

Memory Corruption

Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1

CVE-2022-38477 8.8 - High - December 22, 2022

Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.2, Thunderbird < 102.2, and Firefox < 104.

Memory Corruption

A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability

CVE-2022-38476 7.5 - High - December 22, 2022

A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability affects Firefox ESR < 102.2 and Thunderbird < 102.2.

Dangling pointer

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access)

CVE-2022-38473 8.8 - High - December 22, 2022

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.

Improper Preservation of Permissions

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin

CVE-2022-38472 6.5 - Medium - December 22, 2022

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.

Origin Validation Error

Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12

CVE-2022-38478 8.8 - High - December 22, 2022

Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.

Memory Corruption

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access)

CVE-2022-38473 8.8 - High - December 22, 2022

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.

Improper Preservation of Permissions

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin

CVE-2022-38472 6.5 - Medium - December 22, 2022

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.

Origin Validation Error

When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected

CVE-2022-36318 5.3 - Medium - December 22, 2022

When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.

Race Condition

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed

CVE-2022-36319 7.5 - High - December 22, 2022

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102

CVE-2022-2505 8.8 - High - December 22, 2022

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.

Memory Corruption

When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path

CVE-2022-36314 5.5 - Medium - December 22, 2022

When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.

DLL preloading

When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected

CVE-2022-36318 5.3 - Medium - December 22, 2022

When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.

Race Condition

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed

CVE-2022-36319 7.5 - High - December 22, 2022

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102

CVE-2022-2505 8.8 - High - December 22, 2022

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.

Memory Corruption

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102

CVE-2022-36320 9.8 - Critical - December 22, 2022

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 103.

Memory Corruption

When using the Performance API

CVE-2022-36316 6.1 - Medium - December 22, 2022

When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103.

Open Redirect

When loading a script with Subresource Integrity

CVE-2022-36315 4.3 - Medium - December 22, 2022

When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox < 103.

When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path

CVE-2022-36314 5.5 - Medium - December 22, 2022

When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.

DLL preloading

When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected

CVE-2022-36318 5.3 - Medium - December 22, 2022

When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.

Race Condition

When visiting a website with an overly long URL, the user interface would start to hang

CVE-2022-36317 6.5 - Medium - December 22, 2022

When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 103.

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed

CVE-2022-36319 7.5 - High - December 22, 2022

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.

When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected

CVE-2022-36318 5.3 - Medium - December 22, 2022

When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.

Race Condition

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed

CVE-2022-36319 7.5 - High - December 22, 2022

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102

CVE-2022-2505 8.8 - High - December 22, 2022

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.

Memory Corruption

When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path

CVE-2022-36314 5.5 - Medium - December 22, 2022

When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.

DLL preloading

When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected

CVE-2022-36318 5.3 - Medium - December 22, 2022

When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.

Race Condition

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed

CVE-2022-36319 7.5 - High - December 22, 2022

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.

An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension

CVE-2022-34482 8.8 - High - December 22, 2022

An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34483. This vulnerability affects Firefox < 102.

On arm64

CVE-2022-31740 8.8 - High - December 22, 2022

On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

Mozilla developers Andrew McCreight, Nicolas B

CVE-2022-31747 9.8 - Critical - December 22, 2022

Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

A malicious website could have learned the size of a cross-origin resource that supported Range requests

CVE-2022-31736 9.8 - Critical - December 22, 2022

A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash

CVE-2022-31737 9.8 - Critical - December 22, 2022

A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

Memory Corruption

When exiting fullscreen mode

CVE-2022-31738 6.5 - Medium - December 22, 2022

When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

Authentication Bypass by Spoofing

When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths

CVE-2022-31739 8.8 - High - December 22, 2022

When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption

CVE-2022-31741 8.8 - High - December 22, 2022

A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

Buffer Overflow

An attacker could have exploited a timing attack by sending a large number of

CVE-2022-31742 6.5 - Medium - December 22, 2022

An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers

CVE-2022-31743 6.5 - Medium - December 22, 2022

Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox < 101.

XSS

An attacker could have injected CSS into stylesheets accessible

CVE-2022-31744 6.5 - Medium - December 22, 2022

An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101.

AuthZ

If array shift operations are not used, the Garbage Collector may have become confused about valid objects

CVE-2022-31745 4.3 - Medium - December 22, 2022

If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox < 101.

out-of-bounds array index

Mozilla developers Andrew McCreight, Nicolas B

CVE-2022-31747 9.8 - Critical - December 22, 2022

Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

Mozilla developers Gabriele Svelto

CVE-2022-31748 9.8 - Critical - December 22, 2022

Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 101.

The search term could have been specified externally to trigger SQL injection

CVE-2022-1887 9.8 - Critical - December 22, 2022

The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101.

SQL Injection

A malicious website

CVE-2022-34479 6.5 - Medium - December 22, 2022

A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

Session history navigations may have led to a use-after-free and potentially exploitable crash

CVE-2022-34470 9.8 - Critical - December 22, 2022

Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

Dangling pointer

An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link

CVE-2022-34468 8.8 - High - December 22, 2022

An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function

CVE-2022-34481 8.8 - High - December 22, 2022

In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

Integer Overflow or Wraparound

An attacker could have injected CSS into stylesheets accessible

CVE-2022-31744 6.5 - Medium - December 22, 2022

An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101.

AuthZ

If there was a PAC URL set and the server

CVE-2022-34472 4.3 - Medium - December 22, 2022

If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

The <code>ms-msdt</code>

CVE-2022-34478 6.5 - Medium - December 22, 2022

The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open them.<br>*This bug only affects Thunderbird on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

If an object prototype was corrupted by an attacker, they

CVE-2022-2200 8.8 - High - December 22, 2022

If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

Prototype Pollution

The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10

CVE-2022-34484 8.8 - High - December 22, 2022

The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

assertion failure

A malicious website

CVE-2022-34479 6.5 - Medium - December 22, 2022

A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

Session history navigations may have led to a use-after-free and potentially exploitable crash

CVE-2022-34470 9.8 - Critical - December 22, 2022

Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

Dangling pointer

An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link

CVE-2022-34468 8.8 - High - December 22, 2022

An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function

CVE-2022-34481 8.8 - High - December 22, 2022

In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

Integer Overflow or Wraparound

The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10

CVE-2022-34484 8.8 - High - December 22, 2022

The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

assertion failure

Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101

CVE-2022-34485 9.8 - Critical - December 22, 2022

Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102.

Memory Corruption

A malicious website

CVE-2022-34479 6.5 - Medium - December 22, 2022

A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

Session history navigations may have led to a use-after-free and potentially exploitable crash

CVE-2022-34470 9.8 - Critical - December 22, 2022

Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

Dangling pointer

An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link

CVE-2022-34468 8.8 - High - December 22, 2022

An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

An OpenPGP digital signature includes information about the date when the signature was created

CVE-2022-2226 6.5 - Medium - December 22, 2022

An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an attacker performed a replay attack, in which an old email with old contents are resent at a later time, it could lead the victim to believe that the statements in the email are current. Fixed versions of Thunderbird will require that the signature's date roughly matches the displayed date of the email. This vulnerability affects Thunderbird < 102 and Thunderbird < 91.11.

Authentication Bypass by Capture-replay

The <code>ms-msdt</code>

CVE-2022-34478 6.5 - Medium - December 22, 2022

The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open them.<br>*This bug only affects Thunderbird on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10

CVE-2022-34484 8.8 - High - December 22, 2022

The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

assertion failure

If an object prototype was corrupted by an attacker, they

CVE-2022-2200 8.8 - High - December 22, 2022

If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

Prototype Pollution

The HTML Sanitizer should have sanitized the <code>href</code> attribute of SVG <code>&lt;use&gt;</code> tags; however it incorrectly did not sanitize <code>xlink:href</code> attributes

CVE-2022-34473 6.1 - Medium - December 22, 2022

The HTML Sanitizer should have sanitized the <code>href</code> attribute of SVG <code>&lt;use&gt;</code> tags; however it incorrectly did not sanitize <code>xlink:href</code> attributes. This vulnerability affects Firefox < 102.

XSS

If there was a PAC URL set and the server

CVE-2022-34472 4.3 - Medium - December 22, 2022

If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

An attacker could have injected CSS into stylesheets accessible

CVE-2022-31744 6.5 - Medium - December 22, 2022

An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101.

AuthZ

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.