CentOS 7 : thunderbird (RHSA-2022:0127)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0127 advisory. - It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR 91.5, Firefo...
Epub.js Cross-Site Scripting Vulnerability
Epub.js is a JavaScript library. It is used to render Epub documents in the browser across multiple devices. A cross-site scripting vulnerability exists in FuturePress EPub.js versions prior to 0.3.89, which stems from a lack of escaping and filtering of user-submitted data in...
The vulnerability of elements in iframe modules for web page rendering in WebKitGTK and WPE WebKit allows attackers to exploit it to compromise the integrity of web page data. This vulnerability is related to the lack of protection for the structure of web pages.
The vulnerability of elements in iframe modules for displaying web pages in WebKitGTK and WPE WebKit is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability can allow a malicious actor to compromise data integrity through malicious web content...
Debian DLA-2880-1 : firefox-esr - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2880 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory...
Debian DLA-2881-1 : thunderbird - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2881 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory...
Debian DSA-5045-1 : thunderbird - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5045 advisory. Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the oldstable...
Sandbox Bypass
thunderbird is vulnerable to sandbox bypass. The vulnerability exists through the Iframe with XSLT...
ROS-20220114-02
Vulnerability in the Mozilla Thunderbird email client, related to use of memory after it has been freed due to a race condition when playing audio files. Exploitation of the vulnerability could allow an attacker acting remotely to create a specially crafted audio shell, trigger a use-after-free error...
Mozilla Firefox Security Advisories (MFSA2021-55, MFSA2022-03) - Windows
Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Mozilla Thunderbird Security Advisories (MFSA2022-01, MFSA2022-03) - Windows
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...
UBUNTU-CVE-2022-22743
When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5229-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5229-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...
Oracle Linux 7 : firefox (ELSA-2022-0124)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-0124 advisory. 91.5.0-1.0.2 - Enabled aarch64 builds 91.5.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 3014329...
CVE-2022-22743
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When navigating from inside an iframe while requesting full screen access, an attacker-controlled tab could have made the browser unable to leave full screen mode...
CVE-2021-4140
The Mozilla Foundation Security Advisory describes this flaw as: It was possible to construct specific XSLT markups that would enable someone to bypass an iframe sandbox...
Mozilla: Iframe sandbox bypass with XSLT
The Mozilla Foundation Security Advisory describes this flaw as: It was possible to construct specific XSLT markups that would enable someone to bypass an iframe sandbox...
Mozilla: Browser window spoof using fullscreen mode
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When navigating from inside an iframe while requesting full screen access, an attacker-controlled tab could have made the browser unable to leave full screen mode...