AVG-2761 log

Package thunderbird
Status Fixed
Severity High
Type multiple issues
Affected 91.9.1-1
Fixed 91.10-1
Current 91.12.0-1 [extra]
Ticket None
Created Tue Jun 7 22:39:01 2022
Advisory Pending
Issue Severity Remote Type Description
CVE-2022-31747 High Yes Arbitrary code execution
CVE-2022-31742 Medium Unknown Information disclosure
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key...
CVE-2022-31741 High Yes Information disclosure
A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption.
CVE-2022-31738 High Yes Content spoofing
When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or...
CVE-2022-31737 High Yes Arbitrary code execution
A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash.
CVE-2022-31736 High Yes Information disclosure
A malicious website could have learned the size of a cross-origin resource that supported Range requests.
CVE-2022-1834 High Yes Content spoofing
When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have...
References
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/