12 matches found
CVE-2023-28103
matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and...
CVE-2022-36060
matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...
CVE-2022-36060 Prototype pollution in matrix-react-sdk
matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...
CVE-2023-28103
matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and...
Important: thunderbird
Issue Overview: Integer overflow vulnerability in avtimecodemakestring in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service DoS via crafted .mov file. CVE-2021-28429 When receiving an HTML email that contained an iframe element, which used a srcdoc...
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack
A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. An attacker could spoof historical messages from other users, and use a malicious key backup to the user's account unde...
Security Vulnerabilities fixed in Thunderbird 102.3.1 — Mozilla
Thunderbird users who use the Matrix chat protocol were vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that server. Thunderbird users who use the Matrix chat protocol were vulnerable to an...
Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2022-249-02)
The version of mozilla-thunderbird installed on the remote host is prior to 102.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-249-02 advisory. - When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the...
CVE-2022-36059
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Thunderbird users who use the Matrix chat protocol being vulnerable to a denial of service attack. An adversary sharing a room with a user could attack affected clients, making it not show all of a user's...
Mozilla Thunderbird < 102.2.1
The version of Thunderbird installed on the remote Windows host is prior to 102.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-38 advisory. - If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the...
Security Vulnerabilities fixed in Thunderbird 91.4.1 — Mozilla
When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression that the addition...
Mozilla Thunderbird < 91.4.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-55 advisory. - Thunderbird users who use the Matrix chat protocol were vulnerable to a buffer overflow in libolm, that...