![]() Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. ![]() (CVE-2022-46882) - Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. (CVE-2022-46875) - A use-after-free in WebGL extensions could have led to a potentially exploitable crash. Note: This issue only affected Mac OS operating systems. ftploc files, which can run commands on a user's computer. (CVE-2022-46874) - The executable file warning was not presented when downloading. This could potentially led to user confusion and the execution of malicious code. (CVE-2022-46881) - A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. (CVE-2022-46872) - An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. This bug only affects Thunderbird for Linux. (CVE-2022-46880) - An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. A missing check related to tex units could have led to a use-after-free and potentially exploitable crash. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-53 advisory. Description The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 102.6. Synopsis A mail client installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |