8 matches found
Astra Linux – Vulnerability in Thunderbird
When importing a revoked key with “key compromise” as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked. As a result, the existing key remained unrevoked. Revocation statements that used another revocation reason, or those that did not specify...
Astra Linux – Vulnerability in Firefox and Thunderbird
When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability, this could have led to an out-of-bounds memory read. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...
SUSE CVE-2022-28282
By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and...
DEBIAN-CVE-2022-28282
By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and...
DEBIAN-CVE-2022-1197
When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. Revocation statements that used another revocation reason, or that didn't specify a...
DEBIAN-CVE-2022-1097
NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...
UBUNTU-CVE-2022-1197
When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. Revocation statements that used another revocation reason, or that didn't specify a...
UBUNTU-CVE-2022-1097
NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...