9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
27.7%
91.6.0-alt1 built Feb. 17, 2022 Pavel Vasenkov in task #295262
Feb. 12, 2022 Pavel Vasenkov
- New version.
- Security fixes:
+ CVE-2022-22753 Privilege Escalation to SYSTEM on Windows via Maintenance Service
+ CVE-2022-22754 Extensions could have bypassed permission confirmation during update
+ CVE-2022-22756 Drag and dropping an image could have resulted in the dropped object being an executable
+ CVE-2022-22759 Sandboxed iframes could have executed script if the parent appended elements
+ CVE-2022-22760 Cross-Origin responses could be distinguished between script and non-script content-types
+ CVE-2022-22761 frame-ancestors Content Security Policy directive was not enforced for framed extension pages
+ CVE-2022-22763 Script Execution during invalid object state
+ CVE-2022-22764 Memory safety bugs fixed in Thunderbird 91.6
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
27.7%