Fedora 36 : php-Smarty (2022-52154efd61)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-52154efd61 advisory. 3.1.47 - 2022-09-14 Security - Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks 454 Fixed - Fixed use ...

CVE-2022-29916

CVE-2022-29916 is an information-disclosure issue where Firefox behaves differently when loading CSS resources with CSS variables, potentially allowing history probing. Affected products in public advisories include Thunderbird and Firefox variants (Thunderbird < 91.9, Firefox/ ESR < 91.9, ...

CVE-2022-45418

If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...

CVE-2022-31744

An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...

CVE-2022-36319

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR 102.1, Firefox ESR 91.12, Firefox 103, Thunderbird 102.1, and Thunderbird 91.12...

CVE-2022-36319

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR 102.1, Firefox ESR 91.12, Firefox 103, Thunderbird 102.1, and Thunderbird 91.12...

CVE-2022-29916

Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

CVE-2022-31744

An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...

CVE-2022-22738

Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

CVE-2022-22738

The CVE-2022-22738 entry concerns a heap-buffer-overflow caused by applying a CSS filter, potentially exploitable via memory corruption. Affected products are Mozilla Firefox/Thunderbird: Firefox ESR < 91.5, Firefox < 96, and Thunderbird

CVE-2022-31744

CVE-2022-31744 involves an CSS injection flaw that could let an attacker inject CSS into stylesheets accessible via internal URIs (e.g., resource:) and bypass a page's Content Security Policy. Affected products include Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Fire...

CVE-2022-29916

Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

CVE-2022-45418

CVE-2022-45418 describes a UI spoofing risk where a custom CSS mouse cursor could be drawn over the browser UI, potentially confusing users. Affected products include Firefox ESR and Firefox releases prior to 102.5, and Thunderbird prior to 102.5. Public sources in connected documents consistentl...

CVE-2022-36319

CVE-2022-36319 involves a mouse position spoofing issue caused by combining CSS overflow and transform properties, affecting Firefox ESR and Thunderbird prior to certain fixed versions. Affected are Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thun...

CVE-2022-22738

Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

CVE-2022-31744

An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...

CVE-2022-29916

Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

CVE-2022-36319

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR 102.1, Firefox ESR 91.12, Firefox 103, Thunderbird 102.1, and Thunderbird 91.12...

CVE-2022-45418

If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...

CVE-2022-36319

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR 102.1, Firefox ESR 91.12, Firefox 103, Thunderbird 102.1, and Thunderbird 91.12...