
135 matches found

Veracode
added 2023/10/23 4:31 a.m. | 22 views

Cross-site Scripting (XSS)

TinyMCE is vulnerable to Cross-site Scripting (XSS). The vulnerability occurs when an HTML snippet is restored from the undo stack. In this situation, a combination of string manipulation and reparative parsing by the browser's native DOMParser API results in malicious mutations to the HTML. This, ...

CVSS 6.1 | AI score 5.8 | EPSS 0.0062
Exploits: 0 | References: 11 | Affected Software: 3

Prion
added 2023/10/19 10:15 p.m. | 18 views

Cross site scripting

TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...

CVSS 5.8 | AI score 5.7 | EPSS 0.0062
Exploits: 0 | References: 5 | Affected Software: 1

Vulnrichment
added 2023/10/19 9:18 p.m. | 18 views

CVE-2023-45818 Cross-site Scripting vulnerability in TinyMCE undo/redo, getContent API, resetContent API, and Autosave plugin

TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...

CVSS 6.1 | AI score 5.2 | EPSS 0.0062
Exploits: 0 | References: 5

Debian CVE
added 2023/10/19 9:18 p.m. | 44 views

CVE-2023-45818

Removed by vendor...

CVSS 6.1 | AI score 6.2 | EPSS 0.0062
Exploits: 0

Github Security Blog
added 2023/10/19 4:36 p.m. | 42 views

TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin

Impact: A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If t...

CVSS 6.1 | AI score 6 | EPSS 0.0062
Exploits: 0 | References: 7 | Affected Software: 2

Amazon
added 2023/09/25 12:0 a.m. | 3 views

Important: firefox

Issue Overview: Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1. (CVE-2023-4045) In some...

CVSS 9.8 | AI score 9.9 | EPSS 0.13694
Exploits: 1

OSV
added 2023/09/24 10:16 p.m. | 5 views

MGASA-2023-0266 Updated firefox/thunderbird packages fix security vulnerability

Use-after-free in workers (CVE-2023-3600). File Extension Spoofing using the Text Direction Override Character (CVE-2023-3417). Offscreen Canvas could have bypassed cross-origin restrictions (CVE-2023-4045). Incorrect value used during WASM compilation (CVE-2023-4046). Potential permissions request bypas...

CVSS 9.8 | AI score 8.9 | EPSS 0.99739
Exploits: 10 | References: 24

Rosalinux
added 2023/09/12 11:49 a.m. | 23 views

Advisory ROSA-SA-2023-2233

Software: thunderbird 102.14.0 OS: rosa-server79 packageevrstring: thunderbird-102.14.0-3.res7.x8664.rpm CVE-ID: CVE-2023-3417 BDU-ID: 2023-03965 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Thunderbird email client exists due to improper handling of the Unicode character for overriding text...

CVSS 9.8 | AI score 8.8 | EPSS 0.13694
Exploits: 1

Tenable Nessus
added 2023/09/04 12:0 a.m. | 39 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Thunderbird vulnerabilities (USN-6333-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6333-1 advisory. Junsung Lee discovered that Thunderbird did not properly validate the text direction override unicode character in filenames. An...

CVSS 9.8 | AI score 7.6 | EPSS 0.13694
Exploits: 1 | References: 10

Tenable Nessus
added 2023/08/15 12:0 a.m. | 32 views

Oracle Linux 8 : thunderbird (ELSA-2023-4497)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-4497 advisory. 102.14.0-1.0.1 - Update to 102.14.0 build1. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

CVSS 9.8 | AI score 7.6 | EPSS 0.13694
Exploits: 1 | References: 11

Tenable Nessus
added 2023/08/15 12:0 a.m. | 21 views

Oracle Linux 9 : thunderbird (ELSA-2023-4499)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-4499 advisory. 102.14.0-1.0.1 - Update to 102.14.0 build1. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

CVSS 9.8 | AI score 7.6 | EPSS 0.13694
Exploits: 1 | References: 11

Rockylinux
added 2023/08/08 12:35 p.m. | 36 views

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Mozilla Thunderbird is a standalone mail and newsgroup client. This updat...

CVSS 9.8 | AI score 8.2 | EPSS 0.13694
Exploits: 1

OSV
added 2023/08/08 12:35 p.m. | 31 views

RLSA-2023:4499 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.14.0. Security Fixes: Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions (CVE-2023-4045); Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046); Mozilla:...

CVSS 7.5 | AI score 9.6 | EPSS 0.13694
Exploits: 1 | References: 11

Rockylinux
added 2023/08/08 12:34 p.m. | 29 views

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Mozilla Thunderbird is a standalone mail and newsgroup client. This updat...

CVSS 9.8 | AI score 8.2 | EPSS 0.13694
Exploits: 1

RedHat Linux
added 2023/08/07 8:48 a.m. | 40 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update ...

CVSS 9.8 | AI score 7.2 | EPSS 0.13694
Exploits: 1 | References: 11

RedHat Linux
added 2023/08/07 8:44 a.m. | 42 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 9.8 | AI score 7.2 | EPSS 0.13694
Exploits: 1 | References: 11

RedHat Linux
added 2023/08/07 8:12 a.m. | 4 views

Mozilla: Crash in DOMParser due to out-of-memory conditions

The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations...

CVSS 7.5 | AI score 7.2 | EPSS 0.00827
Exploits: 0 | References: 8

Tenable Nessus
added 2023/08/07 12:0 a.m. | 21 views

RHEL 9 : thunderbird (RHSA-2023:4499)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4499 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.14.0. Security Fixes: Mozilla...

CVSS 9.8 | AI score 8.1 | EPSS 0.13694
Exploits: 1 | References: 22

Tenable Nessus
added 2023/08/07 12:0 a.m. | 21 views

RHEL 8 : thunderbird (RHSA-2023:4496)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4496 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.14.0. Security Fixes: Mozilla...

CVSS 9.8 | AI score 8.1 | EPSS 0.13694
Exploits: 1 | References: 22

OSV
added 2023/08/07 12:0 a.m. | 24 views

ALSA-2023:4497 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.14.0. Security Fixes: Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions (CVE-2023-4045); Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046); Mozilla:...

CVSS 9.8 | AI score 9.6 | EPSS 0.13694
Exploits: 1 | References: 22