It was possible to construct specific XSLT markup that would be able to bypass
an iframe sandbox (CVE-2021-4140).
Constructing audio sinks could have led to a race condition when playing
audio files and closing windows. This could have led to a use-after-free
causing a potentially exploitable crash (CVE-2022-22737).
Applying a CSS filter effect could have accessed out-of-bounds memory. This
could have led to a heap-buffer-overflow in blendGaussianBlur causing a
potentially exploitable crash (CVE-2022-22738).
Malicious websites could have tricked users into accepting the launch of a
program to handle an external URL protocol, due to missing throttling on the
external protocol launch dialog (CVE-2022-22739).
Certain network request objects were freed too early when releasing a network
request handle. This could have led to a use-after-free of
ChannelEventQueue::mOwner causing a potentially exploitable crash
(CVE-2022-22740).
When resizing a popup while requesting fullscreen access, the pop...
- https://bugs.mageia.org/show_bug.cgi?id=29873
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/
- https://www.thunderbird.net/en-US/thunderbird/91.5.0/releasenotes/
- https://access.redhat.com/errata/RHSA-2022:0129
- https://www.cve.org/CVERecord?id=CVE-2021-4140
- https://www.cve.org/CVERecord?id=CVE-2022-22737
- https://www.cve.org/CVERecord?id=CVE-2022-22738
- https://www.cve.org/CVERecord?id=CVE-2022-22739
- https://www.cve.org/CVERecord?id=CVE-2022-22740
- https://www.cve.org/CVERecord?id=CVE-2022-22741
- https://www.cve.org/CVERecord?id=CVE-2022-22742
- https://www.cve.org/CVERecord?id=CVE-2022-22743
- https://www.cve.org/CVERecord?id=CVE-2022-22745
- https://www.cve.org/CVERecord?id=CVE-2022-22747
- https://www.cve.org/CVERecord?id=CVE-2022-22748
- https://www.cve.org/CVERecord?id=CVE-2022-22751
- 8/core/thunderbird-91.5.0-1.mga8
- 8/core/thunderbird-l10n-91.5.0-1.mga8