2 matches found
MGASA-2022-0163 Updated thunderbird packages fix security vulnerability
Incorrect security status shown after viewing an attached email. CVE-2022-1520 Fullscreen notification bypass using popups. CVE-2022-29914 Bypassing permission prompt in nested browsing contexts. CVE-2022-29909 Leaking browser history with CSS variables. CVE-2022-29916 iframe sandbox bypass...
CVE-2018-12402
The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resource...