Get mozilla thunderbird5/16/2023 Revocation statements that used another revocation reason, or that didn't specify a revocation reason, were unaffected. When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. #CVE-2022-1197: OpenPGP revocation information was ignored Reporter Thunderbird user Johannes König Impact moderate Description If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. ![]() ![]() #CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions Reporter Axel '0vercl0k' Souchet Impact high Description NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. ![]() #CVE-2022-1097: Use-after-free in NSSToken objects Reporter Randell Jesup Impact high Description In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. Mozilla Foundation Security Advisory 2022-15 Security Vulnerabilities fixed in Thunderbird 91.8 Announced ApImpact high Products Thunderbird Fixed in
0 Comments
Leave a Reply. |