Vulnerabilities > Mozilla > Thunderbird > 0.7.1

DATE CVE VULNERABILITY TITLE RISK
2022-12-22 CVE-2022-28286 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox ESR
Due to a layout change, iframe contents could have been rendered outside of its border.
network
low complexity
mozilla CWE-1021
5.4
2022-12-22 CVE-2022-28289 Out-of-bounds Write vulnerability in Mozilla Firefox ESR
Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-29909 Incorrect Default Permissions vulnerability in Mozilla Thunderbird
Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions.
network
low complexity
mozilla CWE-276
8.8
2022-12-22 CVE-2022-29911 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Thunderbird
An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-activation</code> could lead to script execution without <code>allow-scripts</code> being present.
network
low complexity
mozilla CWE-1021
6.1
2022-12-22 CVE-2022-29912 Open Redirect vulnerability in Mozilla Thunderbird
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute.
network
low complexity
mozilla CWE-601
6.1
2022-12-22 CVE-2022-29913 Unspecified vulnerability in Mozilla Thunderbird
The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-29914 Unspecified vulnerability in Mozilla Thunderbird
When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-29916 Unspecified vulnerability in Mozilla Thunderbird
Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-29917 Out-of-bounds Write vulnerability in Mozilla Thunderbird
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8.
network
low complexity
mozilla CWE-787
critical
9.8
2022-12-22 CVE-2022-2200 Unspecified vulnerability in Mozilla Firefox
If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution.
network
low complexity
mozilla
8.8