Vulnerabilities > Mozilla > Thunderbird > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-22 CVE-2022-2226 Authentication Bypass by Capture-replay vulnerability in Mozilla Thunderbird
An OpenPGP digital signature includes information about the date when the signature was created.
network
low complexity
mozilla CWE-294
6.5
2022-12-22 CVE-2022-31738 Authentication Bypass by Spoofing vulnerability in Mozilla Firefox
When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks.
network
low complexity
mozilla CWE-290
6.5
2022-12-22 CVE-2022-31742 Unspecified vulnerability in Mozilla Firefox
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-31744 Cross-site Scripting vulnerability in Mozilla Firefox ESR
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy.
network
low complexity
mozilla CWE-79
6.5
2022-12-22 CVE-2022-34472 Unspecified vulnerability in Mozilla Firefox
If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown.
network
low complexity
mozilla
4.3
2022-12-22 CVE-2022-34478 Unspecified vulnerability in Mozilla Firefox
The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-34479 Unspecified vulnerability in Mozilla Firefox
A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-36314 Uncontrolled Search Path Element vulnerability in Mozilla Firefox
When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows.
local
low complexity
mozilla CWE-427
5.5
2022-12-22 CVE-2022-36318 Race Condition vulnerability in Mozilla Thunderbird
When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected.
network
high complexity
mozilla CWE-362
5.3
2022-12-22 CVE-2022-38472 Origin Validation Error vulnerability in Mozilla Thunderbird
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar.
network
low complexity
mozilla CWE-346
6.5