Vulnerabilities > Mozilla > Thunderbird > 0.7.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-38478 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. | 8.8 |
| 2022-12-22 | CVE-2022-3032 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mozilla Thunderbird When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. | 6.5 |
| 2022-12-22 | CVE-2022-3033 | Cross-site Scripting vulnerability in Mozilla Thunderbird If a Thunderbird user replied to a crafted HTML email containing a <code>meta</code> tag, with the <code>meta</code> tag having the <code>http-equiv="refresh"</code> attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. | 8.1 |
| 2022-12-22 | CVE-2022-40962 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. | 8.8 |
| 2022-12-22 | CVE-2022-42927 | Origin Validation Error vulnerability in Mozilla Firefox A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via `performance.getEntries()`. | 8.1 |
| 2022-12-22 | CVE-2022-42928 | NULL Pointer Dereference vulnerability in Mozilla Firefox Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. | 8.8 |
| 2022-12-22 | CVE-2022-42929 | Unspecified vulnerability in Mozilla Firefox If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. | 6.5 |
| 2022-12-22 | CVE-2022-42932 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. | 8.8 |
| 2022-12-22 | CVE-2022-45406 | Use After Free vulnerability in Mozilla Firefox If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. | 9.8 |
| 2022-12-22 | CVE-2022-45414 | Unspecified vulnerability in Mozilla Thunderbird If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block remote content. | 8.1 |