AVG-2713

Package thunderbird
Status Fixed
Severity High
Type multiple issues
Affected 91.6.2-1
Fixed 91.7.0-1
Current 115.8.0-1 [extra]
Ticket None
Created Sat May 14 20:52:47 2022
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2022-26387 | High | Unknown | Unknown | When installing an add-on, Thunderbird verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on... |
| CVE-2022-26386 | Low | No | Unknown | Previously Thunderbird for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download... |
| CVE-2022-26384 | High | Yes | Unknown | If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked,... |
| CVE-2022-26383 | High | Yes | Unknown | When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. |
| CVE-2022-26381 | High | Yes | Arbitrary code execution | An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. |

"In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts."