738 matches found
CVE-2022-22740
Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
CVE-2022-45414
If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block...
Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content
The Mozilla Foundation Security Advisory describes this flaw as: If a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of ...
Important: thunderbird
Issue Overview: Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file. CVE-2021-28429 When receiving an HTML email that contained an iframe element, which used a srcdoc...
Fedora 36 : thunderbird (2022-b83fff8106)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-b83fff8106 advisory. Update to 102.5.1 ; https://www.mozilla.org/en-US/security/advisories/mfsa2022-50/ ; https://www.thunderbird.net/en-US/thunderbird/102.5.1/releasenotes/...
Slackware Linux 15.0 / current mozilla-thunderbird Vulnerability (SSA:2022-336-01)
The version of mozilla-thunderbird installed on the remote host is prior to 102.5.1. It is, therefore, affected by a vulnerability as referenced in the SSA:2022-336-01 advisory. - If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either...
CVE-2022-45414
The Mozilla Foundation Security Advisory describes this flaw as: If a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of ...
Mozilla Thunderbird Security Advisories (MFSA2022-50, MFSA2022-50) - Windows
Mozilla Thunderbird is prone to a security bypass vulnerability.
Mozilla Thunderbird < 102.5.1
The version of Thunderbird installed on the remote Windows host is prior to 102.5.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2022-50 advisory. - If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a...
Mozilla Thunderbird < 102.5.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 102.5.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2022-50 advisory. - If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained...
Code injection
A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-28689
CVE-2022-28689 affects InHand Networks InRouter302 (v3.5.45). Talos reports a console debug leftover that allows arbitrary command execution when an attacker issues a crafted sequence of requests to the device’s console, enabling a hidden or legacy command path (e.g., a leftover “support” functio...
CVE-2022-35264
A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the...
CVE-2022-35270
A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the...
CVE-2022-35269
A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the...
CVE-2022-35268
A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the...
CVE-2022-35262
A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the...
CVE-2022-34850
An OS command injection vulnerability exists in the webserver /action/importauthorizedkeys/ functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...