ROS-20230505-01

2023-05-05 00:00:00
redos.red-soft.ru

CVSS3: 9.8 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.001 Low
Percentile: 40.6%

A vulnerability in the Mozilla Thunderbird email client involves an invalid free operation from
JavaScript code. Exploitation of the vulnerability could allow an attacker acting remotely to force the victim
to visit a specially crafted web page, cause memory corruption, and execute arbitrary code.

The vulnerability in the Mozilla Thunderbird email client is related to the use of an incorrect
downgrade instruction in the ARM64 Ion compiler. Exploitation of the vulnerability could allow an attacker acting
remotely to gain access to sensitive information.

A vulnerability in the Mozilla Thunderbird email client is related to a bounds error during compression by the
garbage collector. Exploitation of the vulnerability could allow an attacker acting remotely to create a
customized website, force the victim to open it, cause memory corruption, and execute arbitrary
code on the target system.

A vulnerability in the Mozilla Thunderbird email client is related to improper processing of user
data. Exploitation of the vulnerability could allow an attacker acting remotely to hide a full-screen
notification using a combination of window.open, full-screen requests, window.name assignments, and calls to
setInterval.

A vulnerability in the Mozilla Thunderbird email client involves improper handling of a newline in a
file name. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the
file extension security mechanisms that replace unsafe file extensions such as .lnk with
.download, and potentially compromise a vulnerable system.

The vulnerability in the Mozilla Thunderbird email client is related to a bug in the handling of the revocation status
of S/MIME recipient certificates. Exploitation of the vulnerability could allow an attacker acting
remotely to gain access to sensitive information.

A vulnerability in the Mozilla Thunderbird email client is related to incorrect processing of the file name directive
in the Content-Disposition header, which results in file name truncation if it contains the NULL character.
Exploitation of the vulnerability could allow an attacker acting remotely to abuse such
behavior and force the victim to download a malicious file.

The vulnerability in the Mozilla Thunderbird email client is related to improper handling of file names
ending in .desktop. Exploitation of the vulnerability could allow an attacker acting remotely
to trick the victim into downloading a malicious file and running it on the system.
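
A defensive sketch of the file-name handling that the newline, NULL-character and .desktop items above turn on, written as an added example; it is not Mozilla's or RED OS code. The function name, the two-entry extension list and the sample names are assumptions made for illustration.

```python
import re

# Extensions treated as directly launchable. Assumed list for illustration:
# the advisory text names only .lnk and .desktop.
UNSAFE_EXTENSIONS = {".lnk", ".desktop"}

# C0 control characters and DEL: includes NUL (\x00), CR and LF.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def sanitize_download_name(suggested: str) -> str:
    """Return the name to use on disk for a server-suggested file name."""
    # Keep only the last path component so the name cannot leave the
    # download directory.
    name = suggested.replace("\\", "/").rsplit("/", 1)[-1]
    # Delete control characters rather than cutting the string at them:
    # truncating at NUL would hide whatever extension follows it, and a
    # trailing newline would make ".lnk\n" miss the blocklist comparison.
    name = _CONTROL_CHARS.sub("", name)
    # Trailing spaces and dots are dropped by some filesystems, so remove
    # them (and leading ones) before looking at the extension.
    name = name.strip(" .")
    if not name:
        return "download"
    stem, dot, ext = name.rpartition(".")
    # Compare case-insensitively, only after all normalisation is done.
    if dot and ("." + ext.lower()) in UNSAFE_EXTENSIONS:
        return stem + ".download"
    return name


if __name__ == "__main__":
    # Constructed sample names, not taken from any real message or site.
    samples = [
        "notes.txt",
        "shortcut.lnk\n",
        "report.pdf\x00.desktop",
        "App.DESKTOP",
    ]
    for raw in samples:
        print(repr(raw), "->", sanitize_download_name(raw))
```

The extension check runs last, on the fully normalised string, so the name that is compared is the name that is written to disk.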

A vulnerability in the Mozilla Thunderbird email client is related to a bounds error when analyzing HTML content.
Exploitation of the vulnerability could allow an attacker acting remotely to create a customized
website, trick the victim into opening it, cause memory corruption, and execute arbitrary code
on the target system.

The vulnerability in the Mozilla Thunderbird email client is related to a boundary error in the Safe Browsing API.
Exploitation of the vulnerability could allow an attacker acting remotely to create a customized
website, force the victim to open it, cause memory corruption, and execute arbitrary code on
the target system.

The vulnerability in the Mozilla Thunderbird email client is related to excessive data output by the application when
downloading files via “Save Link As” in Windows with suggested file names containing the names
of environment variables. Exploitation of the vulnerability could allow an attacker acting remotely to gain
unauthorized access to sensitive information on the system.

A vulnerability in the Mozilla Thunderbird email client is related to insufficient validation of user-entered data in the
Ribose RNP library when analyzing PKESK/SKESK packets. Exploitation of the vulnerability
could allow an attacker acting remotely to send specially crafted
OpenPGP messages to the application and perform a denial of service (DoS) attack.

The vulnerability in the Mozilla Thunderbird email client is related to a boundary error in the handling of untrusted
input to the WebGL API. Exploitation of the vulnerability could allow an attacker acting remotely to
trick a victim into visiting a specially crafted website, trigger an out-of-bounds write, and
execute arbitrary code on the target system.

The vulnerability in the Mozilla Thunderbird email client relates to how Mozilla’s service desk
handles write locks when downloading updates from an SMB server. Exploitation of the vulnerability could
allow an attacker to apply an unsigned update file by pointing the service to an update file on a
malicious SMB server.

OS     Version  Architecture  Package      Version        Filename
redos  7.3      x86_64        thunderbird  <= 102.10.0-1  UNKNOWN
