‼ CVE-2021-4127 ‼
📖 Read
via "National Vulnerability Database".
An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28285 ‼
📖 Read
via "National Vulnerability Database".
When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45409 ‼
📖 Read
via "National Vulnerability Database".
The garbage collector could have been aborted in several states and zones and <code>GCRuntime::finishCollection</code> may not have been called, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31747 ‼
📖 Read
via "National Vulnerability Database".
Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34479 ‼
📖 Read
via "National Vulnerability Database".
A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22763 ‼
📖 Read
via "National Vulnerability Database".
When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6.📖 Read
via "National Vulnerability Database".
🕴 Biden Signs Post-Quantum Cybersecurity Guidelines Into Law 🕴
📖 Read
via "Dark Reading".
The new law holds the US Office of Budget and Management to a road map for transitioning federal systems to NIST-approved PQC.📖 Read
via "Dark Reading".
Dark Reading
Biden Signs Post-Quantum Cybersecurity Guidelines Into Law
The new law holds the US Office of Budget and Management to a road map for transitioning federal systems to NIST-approved PQC.
‼ CVE-2022-38475 ‼
📖 Read
via "National Vulnerability Database".
An attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the value was not written to an invalid memory address. This vulnerability affects Firefox < 104.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34478 ‼
📖 Read
via "National Vulnerability Database".
The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open them.<br>*This bug only affects Thunderbird on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34476 ‼
📖 Read
via "National Vulnerability Database".
ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox < 102.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22736 ‼
📖 Read
via "National Vulnerability Database".
If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.<br>*This bug only affects Firefox for Windows in a non-default installation. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45403 ‼
📖 Read
via "National Vulnerability Database".
Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22750 ‼
📖 Read
via "National Vulnerability Database".
By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged process should not have access to.<br>*This bug only affects Firefox for Windows and MacOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22749 ‼
📖 Read
via "National Vulnerability Database".
When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29917 ‼
📖 Read
via "National Vulnerability Database".
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40959 ‼
📖 Read
via "National Vulnerability Database".
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46881 ‼
📖 Read
via "National Vulnerability Database".
An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Thunderbird < 102.6.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26384 ‼
📖 Read
via "National Vulnerability Database".
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22760 ‼
📖 Read
via "National Vulnerability Database".
When importing resources using Web Workers, error messages would distinguish the difference between <code>application/javascript</code> responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22748 ‼
📖 Read
via "National Vulnerability Database".
Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35646 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. IBM X-Force ID: 231096.📖 Read
via "National Vulnerability Database".