AVG-2710 log

Package thunderbird
Status Fixed
Severity High
Type multiple issues
Affected 91.8.1-1
Fixed 91.9-1
Current 115.8.0-1 [extra]
Ticket None
Created Sat May 14 19:54:17 2022
Issue Severity Remote Type Description
CVE-2022-29917 High Yes Arbitrary code execution
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox...
CVE-2022-29916 High Yes Information disclosure
Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the...
CVE-2022-29914 High Yes Content spoofing
When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks.
CVE-2022-29913 Medium Yes Insufficient validation
The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process.
CVE-2022-29912 Medium Yes Insufficient validation
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute.
CVE-2022-29911 High Yes Arbitrary code execution
An improper implementation of the new iframe sandbox keyword allow- top-navigation-by-user-activation could lead to script execution without allow-scripts...
CVE-2022-29909 High Yes Privilege escalation
Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and...
CVE-2022-1520 Low No Insufficient validation
When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect...
"In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts."