Vulnerabilities > Mozilla > Thunderbird > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-22 | CVE-2022-26383 | Unspecified vulnerability in Mozilla Firefox When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. | 4.3 |
2022-12-22 | CVE-2022-26386 | Unspecified vulnerability in Mozilla Firefox ESR Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior was changed to download them to <code>/tmp</code> where they could be affected by other local users. | 6.5 |
2022-12-22 | CVE-2022-28282 | Use After Free vulnerability in Mozilla Firefox ESR By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. | 6.5 |
2022-12-22 | CVE-2022-28285 | Out-of-bounds Read vulnerability in Mozilla Firefox ESR When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used. | 6.5 |
2022-12-22 | CVE-2022-28286 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox ESR Due to a layout change, iframe contents could have been rendered outside of its border. | 5.4 |
2022-12-22 | CVE-2022-29911 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Thunderbird An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-activation</code> could lead to script execution without <code>allow-scripts</code> being present. | 6.1 |
2022-12-22 | CVE-2022-29912 | Open Redirect vulnerability in Mozilla Thunderbird Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. | 6.1 |
2022-12-22 | CVE-2022-29913 | Unspecified vulnerability in Mozilla Thunderbird The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. | 6.5 |
2022-12-22 | CVE-2022-29914 | Unspecified vulnerability in Mozilla Thunderbird When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. | 6.5 |
2022-12-22 | CVE-2022-29916 | Unspecified vulnerability in Mozilla Thunderbird Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. | 6.5 |