OPENSUSE-SU-2022:0199-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: - CVE-2021-4140: Fixed Iframe sandbox bypass with XSLT bsc1194547. - CVE-2022-22737: Fixed race condition when playing audio files bsc1194547. - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur bsc1194547. -...

Cross-Site Request Forgery (CSRF)

firefox is vulnerable to cross site request forgery. The vulnerability exists due to a Spoofed Origin On External Protocol Launch Dialog...

Command Injection

firefox is vulnerable to command injection. The vulnerability exists due to the lack of throttling on external protocol launch dialog allowing an attacker to trick users into accepting launching a program to handle an external URL protocol...

Mozilla: Spoofed origin on external protocol launch dialog

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have confused Thunderbird into showing the wrong origin when asking to launch a program and handling an external URL protocol...

Mozilla: Missing throttling on external protocol launch dialog

The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol...

Mozilla: Missing throttling on external protocol launch dialog

The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol...

Mozilla: Missing throttling on external protocol launch dialog

The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Mozilla: Spoofed origin on external protocol launch dialog

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have confused Thunderbird into showing the wrong origin when asking to launch a program and handling an external URL protocol...

Mozilla: Spoofed origin on external protocol launch dialog

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have confused Thunderbird into showing the wrong origin when asking to launch a program and handling an external URL protocol...