Vulnerabilities > Mozilla > Thunderbird > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-22 CVE-2022-26383 Unspecified vulnerability in Mozilla Firefox
When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification.
network
low complexity
mozilla
4.3
2022-12-22 CVE-2022-26386 Unspecified vulnerability in Mozilla Firefox ESR
Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior was changed to download them to <code>/tmp</code> where they could be affected by other local users.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-28282 Use After Free vulnerability in Mozilla Firefox ESR
By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash.
network
low complexity
mozilla CWE-416
6.5
2022-12-22 CVE-2022-28285 Out-of-bounds Read vulnerability in Mozilla Firefox ESR
When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used.
network
low complexity
mozilla CWE-125
6.5
2022-12-22 CVE-2022-28286 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox ESR
Due to a layout change, iframe contents could have been rendered outside of its border.
network
low complexity
mozilla CWE-1021
5.4
2022-12-22 CVE-2022-29911 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Thunderbird
An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-activation</code> could lead to script execution without <code>allow-scripts</code> being present.
network
low complexity
mozilla CWE-1021
6.1
2022-12-22 CVE-2022-29912 Open Redirect vulnerability in Mozilla Thunderbird
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute.
network
low complexity
mozilla CWE-601
6.1
2022-12-22 CVE-2022-29913 Unspecified vulnerability in Mozilla Thunderbird
The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-29914 Unspecified vulnerability in Mozilla Thunderbird
When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-29916 Unspecified vulnerability in Mozilla Thunderbird
Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables.
network
low complexity
mozilla
6.5