Vulnerabilities > Mozilla > Thunderbird > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-28282 | Use After Free vulnerability in Mozilla Firefox ESR By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. | 6.5 |
| 2022-12-22 | CVE-2022-28285 | Out-of-bounds Read vulnerability in Mozilla Firefox ESR When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used. | 6.5 |
| 2022-12-22 | CVE-2022-28286 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox ESR Due to a layout change, iframe contents could have been rendered outside of its border. | 5.4 |
| 2022-12-22 | CVE-2022-29911 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Thunderbird An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-activation</code> could lead to script execution without <code>allow-scripts</code> being present. | 6.1 |
| 2022-12-22 | CVE-2022-29912 | Open Redirect vulnerability in Mozilla Thunderbird Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. | 6.1 |
| 2022-12-22 | CVE-2022-29913 | Unspecified vulnerability in Mozilla Thunderbird The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. | 6.5 |
| 2022-12-22 | CVE-2022-29914 | Unspecified vulnerability in Mozilla Thunderbird When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. | 6.5 |
| 2022-12-22 | CVE-2022-29916 | Unspecified vulnerability in Mozilla Thunderbird Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. | 6.5 |
| 2022-12-22 | CVE-2022-2226 | Authentication Bypass by Capture-replay vulnerability in Mozilla Thunderbird An OpenPGP digital signature includes information about the date when the signature was created. | 6.5 |
| 2022-12-22 | CVE-2022-31738 | Authentication Bypass by Spoofing vulnerability in Mozilla Firefox When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. | 6.5 |