
455 matches found

Mozilla
added 2022/09/19 12:0 a.m. | 265 views

Security Vulnerabilities fixed in Thunderbird 91.13.1 — Mozilla

If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. I...

8.1 CVSS | 1.3 AI score | 0.00502 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Tenable Nessus
added 2022/09/19 12:0 a.m. | 56 views

Mozilla Thunderbird < 91.13.1

The version of Thunderbird installed on the remote Windows host is prior to 91.13.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-39 advisory. - If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the...

8.1 CVSS | 7.4 AI score | 0.00502 EPSS
Exploits: 0 | References: 4
OSV
added 2022/09/15 1:33 p.m. | 5 views

SUSE-SU-2022:3281-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Updated to Mozilla Thunderbird 102.2.2: - CVE-2022-3033: Fixed leaking of sensitive information when composing a response to an HTML email with a META refresh tag bsc1203007. - CVE-2022-3032: Fixed missing blocking of remote content...

9.8 CVSS | 8.1 AI score | 0.06199 EPSS
Exploits: 2 | References: 28
Tenable Nessus
added 2022/09/07 12:0 a.m. | 38 views

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2022-249-02)

The version of mozilla-thunderbird installed on the remote host is prior to 102.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-249-02 advisory. - When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the...

8.2 CVSS | 7.4 AI score | 0.00502 EPSS
Exploits: 0 | References: 4
OpenVAS
added 2022/09/06 12:0 a.m. | 22 views

Mozilla Thunderbird Security Advisory (MFSA2022-38) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

8.2 CVSS | 6.9 AI score | 0.00502 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2022/09/02 12:0 a.m. | 32 views

Fedora 36 : thunderbird (2022-8bf22a684b)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-8bf22a684b advisory. Update to 102.2.1 ; https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/ Tenable has extracted the preceding description block directly from the...

5.6 AI score
Exploits: 0 | References: 1
RedhatCVE
added 2022/09/01 9:54 a.m. | 24 views

CVE-2022-3034

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of sending a request to the remote document when receiving an HTML email that specified to load an iframe element from a remote location. However, Thunderbird didn't display the document...

6.1 CVSS | 1.6 AI score | 0.00343 EPSS
Exploits: 0 | References: 5
RedhatCVE
added 2022/09/01 9:53 a.m. | 31 views

CVE-2022-3032

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the internal HTML document, remote objects specified in the nested document for example, images or...

6.1 CVSS | 1.6 AI score | 0.00407 EPSS
Exploits: 0 | References: 5
UbuntuCve
added 2022/09/01 12:0 a.m. | 45 views

CVE-2022-3032

When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed...

6.5 CVSS | 6.8 AI score | 0.00407 EPSS
Exploits: 0 | References: 3
OSV
added 2022/09/01 12:0 a.m. | 2 views

UBUNTU-CVE-2022-3032

When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed...

6.5 CVSS | 6.7 AI score | 0.00407 EPSS
Exploits: 0 | References: 4
UbuntuCve
added 2022/09/01 12:0 a.m. | 26 views

CVE-2022-3034

When receiving an HTML email that specified to load an iframe element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects Thunderbird 102.2.1 and Thunderbird 91.13.1...

4.3 CVSS | 6.3 AI score | 0.00343 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2022/09/01 12:0 a.m. | 51 views

Mozilla Thunderbird < 102.2.1

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 102.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-38 advisory. - If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having...

8.2 CVSS | 7.4 AI score | 0.00502 EPSS
Exploits: 0 | References: 5
CNNVD
added 2022/09/01 12:0 a.m. | 1 views

Mozilla Thunderbird Security Vulnerability

Mozilla Thunderbird is an e-mail client from the US-based Mozilla Foundation that is independent of the Mozilla Application Suite. The program supports IMAP and POP mail protocols as well as the HTML mail format. A security vulnerability exists in Mozilla Thunderbird that stems from a...

4.3 CVSS | 7.1 AI score | 0.00343 EPSS
Exploits: 0 | References: 12
Mozilla
added 2022/08/31 12:0 a.m. | 127 views

Security Vulnerabilities fixed in Thunderbird 102.2.1 — Mozilla

If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. I...

8.2 CVSS | 1.1 AI score | 0.00502 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
OpenVAS
added 2022/08/02 12:0 a.m. | 12 views

Usermin <= 1.850 XSS Vulnerability

Usermin is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webmin:usermin";...

6.1 CVSS | 6.1 AI score | 0.00526 EPSS
Exploits: 0 | References: 1
CNVD
added 2022/06/30 12:0 a.m. | 19 views

lettersanitizer Denial of Service Vulnerability

lettersanitizer is a DOM-based HTML email cleaner for in-browser email rendering. A denial of service vulnerability exists in lettersanitizer versions prior to 1.0.2. The vulnerability stems from a failure to properly handle incoming error messages and can be exploited by an attacker to cause a...

7.5 CVSS | 7.2 AI score | 0.00431 EPSS
Exploits: 0 | References: 1
NVD
added 2022/06/27 11:15 p.m. | 8 views

CVE-2022-31103

lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule @keyframes. This package is depended on by react-letter, therefore everyone using react-letter is...

7.5 CVSS | 0.00431 EPSS
Exploits: 0 | References: 3
Prion
added 2022/06/27 11:15 p.m. | 10 views

Denial of service

lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule @keyframes. This package is depended on by react-letter, therefore everyone using react-letter is...

5 CVSS | 7.4 AI score | 0.00431 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2022/06/27 10:20 p.m. | 12 views

CVE-2022-31103 Improper handling of CSS at-rules in lettersanitizer

lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule @keyframes. This package is depended on by react-letter, therefore everyone using react-letter is...

7.5 CVSS | 7.3 AI score | 0.00431 EPSS
Exploits: 0 | References: 5
CNNVD
added 2022/06/27 12:0 a.m. | 0 views

lettersanitizer Code Issue Vulnerability

lettersanitizer is a DOM-based HTML email cleaner for in-browser email rendering. A denial of service vulnerability exists in lettersanitizer versions prior to 1.0.2. The vulnerability stems from a failure to properly handle incoming error messages and can be exploited by an attacker to cause a...

7.5 CVSS | 5.7 AI score | 0.00431 EPSS
Exploits: 0 | References: 4