CVE-2022-3033

CVE-2022-3033 affects Thunderbird when replying to crafted HTML emails containing a meta tag with http-equiv="refresh" and a content URL. This can trigger a network request and, with other HTML elements, allow JavaScript in the message compose context to read/modify the compose window (including ...

CVE-2022-3034

When receiving an HTML email that specified to load an iframe element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects Thunderbird 102.2.1 and Thunderbird 91.13.1...

RHEL 8 : thunderbird (RHSA-2022:9074)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:9074 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Security Fixes: Mozilla:...

RHEL 8 : thunderbird (RHSA-2022:9077)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:9077 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Security Fixes: Mozilla:...

RHEL 9 : thunderbird (RHSA-2022:9080)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:9080 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Security Fixes: Mozilla:...

Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content

The Mozilla Foundation Security Advisory describes this flaw as: If a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of ...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content

The Mozilla Foundation Security Advisory describes this flaw as: If a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of ...

Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content

The Mozilla Foundation Security Advisory describes this flaw as: If a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of ...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

RHEL 8 : thunderbird (RHSA-2022:9078)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:9078 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Security Fixes: Mozilla:...

Oracle Linux 7 : ELSA-2022-9079-1: / thunderbird (ELSA-2022-90791)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-90791 advisory. 102.6.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build 102.6.0-2 - Update to...

RHEL 8 : thunderbird (RHSA-2022:9076)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:9076 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Security Fixes: Mozilla:...

ALSA-2022:9080 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Security Fixes: Mozilla: Arbitrary file read from a compromised content process CVE-2022-46872 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Security Fixes: Mozilla: Arbitrary file read from a compromised content process CVE-2022-46872 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6...

Security fix for the ALT Linux 10 package thunderbird version 102.5.1-alt1

102.5.1-alt1 built Dec. 13, 2022 Pavel Vasenkov in task 311239 Dec. 5, 2022 Pavel Vasenkov - New version. - Security fixes: + CVE-2022-45414 Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration...

Amazon Linux 2 : thunderbird (ALAS-2022-1900)

The version of thunderbird installed on the remote host is prior to 102.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1900 advisory. 2024-05-09: CVE-2021-28429 was added to this advisory. Integer overflow vulnerability in avtimecodemakestring in...

SUSE: Security Advisory (SUSE-SU-2022:4334-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2022-0452 Updated thunderbird packages fix security vulnerability

Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content. CVE-2022-45414...

Important: thunderbird

Issue Overview: Integer overflow vulnerability in avtimecodemakestring in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service DoS via crafted .mov file. CVE-2021-28429 When receiving an HTML email that contained an iframe element, which used a srcdoc...