Vulnerabilities > Mozilla > Thunderbird > 91.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-34478 | Unspecified vulnerability in Mozilla Firefox The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. | 6.5 |
| 2022-12-22 | CVE-2022-34479 | Unspecified vulnerability in Mozilla Firefox A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. | 6.5 |
| 2022-12-22 | CVE-2022-34481 | Integer Overflow or Wraparound vulnerability in Mozilla Firefox In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to replace was too large for the container. | 8.8 |
| 2022-12-22 | CVE-2022-34484 | Use After Free vulnerability in Mozilla Firefox The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. | 8.8 |
| 2022-12-22 | CVE-2022-36314 | Uncontrolled Search Path Element vulnerability in Mozilla Firefox When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. | 5.5 |
| 2022-12-22 | CVE-2022-36318 | Race Condition vulnerability in Mozilla Thunderbird When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. | 5.3 |
| 2022-12-22 | CVE-2022-36319 | Unspecified vulnerability in Mozilla Thunderbird When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. | 7.5 |
| 2022-12-22 | CVE-2022-38472 | Origin Validation Error vulnerability in Mozilla Thunderbird An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. | 6.5 |
| 2022-12-22 | CVE-2022-38473 | Improper Preservation of Permissions vulnerability in Mozilla Thunderbird A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). | 8.8 |
| 2022-12-22 | CVE-2022-38476 | Use After Free vulnerability in Mozilla Thunderbird A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability. | 7.5 |