CVE-2022-40959 - Insecure Storage of Sensitive Information vulnerability in Mozilla Thunderbird
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Summary
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized, leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1782211
- https://www.mozilla.org/security/advisories/mfsa2022-40/
- https://www.mozilla.org/security/advisories/mfsa2022-41/
- https://www.mozilla.org/security/advisories/mfsa2022-42/