History: May 18, 2022 - 12:00 a.m.

ROS-20220518-02

2022-05-18 00:00:00
redos.red-soft.ru

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 49.9%

A vulnerability in the Mozilla Thunderbird email client is related to incorrect handling of user input when processing signed and encrypted attached messages. Exploitation of the vulnerability could allow a remote attacker to forge the security status of one of the attached messages.

A vulnerability in the Mozilla Thunderbird email client is related to improper management of internal resources when using the speech synthesis feature. Exploitation of the vulnerability could allow a remote attacker to bypass the verification of speech synthesis feature activation when receiving instructions from a child process.

A vulnerability in the Mozilla Thunderbird email client is related to improper permissions management in the application. Exploitation of the vulnerability could allow a remote attacker to create a web page that bypasses an existing browser hint and improperly inherits the permissions of the top-level

A vulnerability in the Mozilla Thunderbird email client is related to an error in reusing existing pop-up windows. Exploitation of the vulnerability could allow a remote attacker to trick a victim into visiting a specially crafted website and misuse pop-up windows to hide the full-screen notification UI, which could enable a browser spoofing attack.

A vulnerability in the Mozilla Thunderbird email client is related to improper protection of top-level navigation for a sandboxed iframe whose policy is weakened with a keyword, such as allow top-level navigation on user activation. Exploitation of the vulnerability could allow a remote attacker to bypass the implemented sandbox restrictions for the loaded frames.

A vulnerability in the Mozilla Thunderbird email client is related to boundary errors when processing HTML content. Exploitation of the vulnerability could allow a remote attacker to create a crafted web page, force the victim to open it, cause memory corruption, and execute arbitrary code on the target system.

A vulnerability in the Mozilla Thunderbird email client is related to the fact that browsers behave differently when loading CSS from known resources using CSS variables. Exploitation of the vulnerability could allow a remote attacker to monitor browser behavior to guess which web sites were previously visited and stored in the browser's history.

A vulnerability in the Mozilla Thunderbird email client is related to the fact that requests initiated in read mode incorrectly skip cookies with the SameSite attribute. Exploitation of the vulnerability could allow a remote attacker to intercept cookies with the SameSite attribute set.

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| redos | 7.3 | x86_64 | thunderbird | <= 91.9.0-1 | UNKNOWN |
