ROS-20220412-03

Vulnerability in Mozilla Thunderbird email client, related to a memory freeing error when processing
HTML content after the VR process is destroyed. Exploitation of the vulnerability could allow an attacker,
acting remotely, create a specially crafted web page, trick the victim into opening it,
cause a usage error upon release, and execute arbitrary code on the system

A vulnerability in the Mozilla Thunderbird email client, related to the fact that the contents of an iframe can be displayed outside the
outside of its boundary. Exploitation of the vulnerability could allow an attacker acting remotely,
spoof the content of a page

Vulnerability in Mozilla Thunderbird mail client, related to a memory release error when processing links
rel=“localization” links. Exploitation of the vulnerability could allow an attacker acting remotely to create a specially crafted web page that could spoof the contents of a page.
a specially crafted web page, trick the victim into opening it, raise a usage error upon release, and execute an arbitrary web page.
upon release, and execute arbitrary code on the system

A vulnerability in the Mozilla Thunderbird email client, related to a boundary error in handling an unexpected
number of WebAuthN extensions in the Register command. Exploitation of the vulnerability could allow an attacker,
acting remotely, create a specially crafted web page, trick the victim into opening it,
write out-of-bounds and execute arbitrary code on the system

A vulnerability in the Mozilla Thunderbird email client, related to the use of an invalid aliasSet when creating the
assembly code for MLoadTypedArrayElementHole. Exploitation of the vulnerability could allow an attacker,
acting remotely, to abuse this along with other vulnerabilities to perform reads outside the
boundaries

A vulnerability in the Mozilla Thunderbird email client, related to the fact that regex for Rust does not properly control the internal resource consumption during syntaxing.
internal resource consumption when parsing unreliable input data.
Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted
data to an application and execute a denial of service (ReDoS) attack with regular expressions.

Vulnerability in Mozilla Thunderbird email client, related to a memory release error during object processing
NSSToken. Exploitation of the vulnerability could allow an attacker acting remotely to create a customized
customized web page, trick the victim into opening it, cause a usage error upon its
release and execute arbitrary code on the system

Vulnerability in Mozilla Thunderbird email client, related to a boundary error in HTML content processing.
Exploitation of the vulnerability could allow an attacker acting remotely to create a specially crafted
web page, trick the victim into opening it, cause memory corruption, and execute arbitrary
code on the target system