457 matches found
Fedora 36 : thunderbird (2022-b83fff8106)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-b83fff8106 advisory. Update to 102.5.1 ; https://www.mozilla.org/en-US/security/advisories/mfsa2022-50/ ; https://www.thunderbird.net/en-US/thunderbird/102.5.1/releasenotes/...
Slackware Linux 15.0 / current mozilla-thunderbird Vulnerability (SSA:2022-336-01)
The version of mozilla-thunderbird installed on the remote host is prior to 102.5.1. It is, therefore, affected by a vulnerability as referenced in the SSA:2022-336-01 advisory. - If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either...
CVE-2022-45414
The Mozilla Foundation Security Advisory describes this flaw as: If a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of ...
Mozilla Thunderbird < 102.5.1
The version of Thunderbird installed on the remote Windows host is prior to 102.5.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2022-50 advisory. - If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a...
Mozilla Thunderbird < 102.5.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 102.5.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2022-50 advisory. - If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained...
Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2022:6710)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:6710-1 advisory. - Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag CVE-2022-3033 - Mozilla: Bypassing...
Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a Thunderbird user replying to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute and the content attribute specifying an URL. Thunderbird started a...
Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a Thunderbird user replying to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute and the content attribute specifying an URL. Thunderbird started a...
Mozilla: An iframe element in an HTML email could trigger a network request
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of sending a request to the remote document when receiving an HTML email that specified to load an iframe element from a remote location. However, Thunderbird didn't display the document...
Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the internal HTML document, remote objects specified in the nested document for example, images or...
Mozilla: An iframe element in an HTML email could trigger a network request
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of sending a request to the remote document when receiving an HTML email that specified to load an iframe element from a remote location. However, Thunderbird didn't display the document...
Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the internal HTML document, remote objects specified in the nested document for example, images or...
Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a Thunderbird user replying to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute and the content attribute specifying an URL. Thunderbird started a...
Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the internal HTML document, remote objects specified in the nested document for example, images or...
Mozilla: An iframe element in an HTML email could trigger a network request
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of sending a request to the remote document when receiving an HTML email that specified to load an iframe element from a remote location. However, Thunderbird didn't display the document...
Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the internal HTML document, remote objects specified in the nested document for example, images or...
Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a Thunderbird user replying to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute and the content attribute specifying an URL. Thunderbird started a...
RLSA-2022:6708 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Security Fixes: Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag CVE-2022-3033 Mozilla: Bypassing FeaturePolicy...
Unsecured File
thunderbird allows unsecured files. The vulnerability exists due to an issue of when receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the internal HTML document, remote objects specified in the nested document for example, images or videos, were no...
Security Vulnerabilities fixed in Thunderbird 91.13.1 — Mozilla
If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. I...