Mar 15, 2023 - 12:00 a.m.

ROS-20230315-01

2023-03-15 00:00:00
redos.red-soft.ru
12

CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 32.1%

A vulnerability in the Mozilla Thunderbird email client related to notifications not being displayed
when the browser is in full-screen mode, allowing an attacker to trick the victim into visiting a
malicious website and perform a spoofing attack.

A vulnerability in the Mozilla Thunderbird email client caused by the size of the encoded input data
being miscalculated when encoding data from an “InputStream” in “xpcom”, allowing an attacker to
cause an out-of-bounds memory write.

A vulnerability in the Mozilla Thunderbird email client related to permission prompts for opening
external schemes being displayed only for “ContentPrincipals”, so that extensions could open them
without user interaction through “ExpandedPrincipals”, allowing an attacker to carry out further
malicious behavior, such as downloading files or interacting with software already installed on
the system.

A vulnerability in the Mozilla Thunderbird email client caused by improper restriction of operations
within the bounds of a memory buffer. Exploitation of the vulnerability could allow a remote attacker
to craft a PKCS 12 certificate bundle that results in an arbitrary memory write through improper
handling of PKCS 12 Safe Bag attributes.

A vulnerability in the Mozilla Thunderbird email client related to failed module load requests not
being checked for whether they had been canceled, allowing an attacker to trigger a use-after-free
in ScriptLoadContext.

A vulnerability in the Mozilla Thunderbird email client caused by incorrect handling of an SPKI RSA
public key imported as an ECDSA P-256 key, allowing an attacker to crash the tab.

A vulnerability in the Mozilla Thunderbird email client related to memory safety bugs that allow an
attacker to run arbitrary code.

A vulnerability in the Mozilla Thunderbird email client related to cross-compartment wrappers that
wrap a scripted proxy, allowing an attacker to cause objects from other compartments to be stored in
the main compartment, leading to a use-after-free after the proxy is unwrapped.

A vulnerability in the Mozilla Thunderbird email client related to an invalid downcast from
nsTextNode to SVGElement, allowing an attacker to cause undefined behavior.

A vulnerability in the Mozilla Thunderbird email client related to a background script that calls
requestFullscreen and then blocks the main thread, allowing an attacker to force the browser into
full-screen mode indefinitely, which can lead to user confusion or spoofing attacks.

A vulnerability in the Mozilla Thunderbird email client related to the
Content-Security-Policy-Report-Only header, allowing an attacker to leak the unredacted URI of a
child iframe when interaction with that iframe triggers a redirect.

OS      Version   Architecture   Package       Version         Filename
redos   7.3       x86_64         thunderbird   <= 102.8.0-1    UNKNOWN
