Vulnerabilities > Mozilla > Thunderbird > 102.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-02 | CVE-2023-32213 | Use of Uninitialized Resource vulnerability in Mozilla Firefox When reading a file, an uninitialized value could have been used as read limit. | 8.8 |
| 2023-06-02 | CVE-2023-32215 | Out-of-bounds Write vulnerability in Mozilla Firefox Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. | 8.8 |
| 2022-12-22 | CVE-2022-3032 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Mozilla Thunderbird When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. | 6.5 |
| 2022-12-22 | CVE-2022-3033 | Cross-site Scripting vulnerability in Mozilla Thunderbird If a Thunderbird user replied to a crafted HTML email containing a <code>meta</code> tag, with the <code>meta</code> tag having the <code>http-equiv="refresh"</code> attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. | 8.1 |
| 2022-12-22 | CVE-2022-3034 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Thunderbird When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location, a request to the remote document was sent. | 4.3 |
| 2022-12-22 | CVE-2022-3155 | Unspecified vulnerability in Mozilla Thunderbird When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. | 7.8 |
| 2022-12-22 | CVE-2022-3266 | Out-of-bounds Read vulnerability in Mozilla Thunderbird An out-of-bounds read can occur when decoding H264 video. | 5.5 |
| 2022-12-22 | CVE-2022-40956 | Cross-site Scripting vulnerability in Mozilla Thunderbird When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. | 6.1 |
| 2022-12-22 | CVE-2022-40957 | Unspecified vulnerability in Mozilla Thunderbird Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only affects Firefox on ARM64 platforms.*. | 6.5 |
| 2022-12-22 | CVE-2022-40958 | Injection vulnerability in Mozilla Thunderbird By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. | 6.5 |