CVE-2022-46881

An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106...

CVE-2022-46882

A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox 107, Firefox ESR 102.6, and Thunderbird 102.6...

CVE-2022-46882

A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox 107, Firefox ESR 102.6, and Thunderbird 102.6...

CVE-2022-46882

A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox 107, Firefox ESR 102.6, and Thunderbird 102.6...

CVE-2022-31737

A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

CVE-2022-31737

A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

CVE-2022-46881

An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106...

CVE-2022-46882

A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox 107, Firefox ESR 102.6, and Thunderbird 102.6...

CVE-2022-31737

A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

CVE-2022-46882

CVE-2022-46882 is a use-after-free in WebGL extensions that could cause a crash in affected Mozilla products. Affected software include Firefox versions before 107 and Firefox ESR before 102.6, and Thunderbird before 102.6. The connected documents identify the underlying issue as a use-after-free...

CVE-2022-31737

CVE-2022-31737 describes an out-of-bounds write in WebGL that could cause memory corruption and a potentially exploitable crash. Affected products include Thunderbird < 91.10, Firefox < 101, and Firefox ESR

Security fix for the ALT Linux 10 package firefox-esr version 102.6.0-alt1

102.6.0-alt1 built Dec. 22, 2022 Pavel Vasenkov in task 311776 Dec. 14, 2022 Pavel Vasenkov - New ESR version. - Security fixes + CVE-2022-46880 Use-after-free in WebGL + CVE-2022-46872 Arbitrary file read from a compromised content process + CVE-2022-46881 Memory corruption in WebGL +...

SUSE-SU-2022:4579-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to version 102.6 bsc1206242: - CVE-2022-46880: Use-after-free in WebGL - CVE-2022-46872: Arbitrary file read from a compromised content process - CVE-2022-46881: Memory corruption in WebGL - CVE-2022-46874: Drag and Dropped...

RHEL 8 : thunderbird (RHSA-2022:9074)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:9074 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Security Fixes: Mozilla:...

RHEL 8 : firefox (RHSA-2022:9067)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:9067 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

MGASA-2022-0476 Updated thunderbird packages fix security vulnerability

An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages CVE-2022-46872. A drag-and-dropped file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious...

Updated thunderbird packages fix security vulnerability

An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages CVE-2022-46872. A drag-and-dropped file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious...

MGASA-2022-0475 Updated firefox packages fix security vulnerability

An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages CVE-2022-46872. A drag-and-dropped file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious...

AlmaLinux 8 : thunderbird (ALSA-2022:9074)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:9074 advisory. - Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remo...

AlmaLinux 8 : firefox (ALSA-2022:9067)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:9067 advisory. - An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. This...