werailove.blogg.se - Firefox thunderbird

Depending on the privileges associated with the user an attacker could then install programs view, change, or delete data or create new accounts with full user rights. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution.

Memory safety bugs fixed in Firefox 95 (CVE-2022-22752).

Memory safety bugs fixed in Firefox 95, Firefox ESR 91.4, and Thunderbird 91.4 (CVE-2022-22751).

IPC passing of resource handles could lead to sandbox bypass (CVE-2022-22750).

Lack of URL restrictions when scanning QR codes (CVE-2022-22749).

Spoofed origin on external protocol launch dialog (CVE-2022-22748).

Crash when handling empty pkcs7 sequence (CVE-2022-22747).

Calling into reportValidity could lead to fullscreen window spoof (CVE-2022-22746).

Leaking cross-origin URLs through securitypolicyviolation event (CVE-2022-22745).

The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection (CVE-2022-22744).

Browser window spoof using fullscreen mode (CVE-2022-22743).Out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742).Browser window spoof using fullscreen mode (CVE-2022-22741).Use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740).Missing throttling on external protocol launch dialog (CVE-2022-22739).Heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738).Race condition when playing audio files (CVE-2022-22737).Potential local privilege escalation when loading modules from the install directory.Iframe sandbox bypass with XSLT (CVE-2021-4140).Details of these vulnerabilities are as follows: Multiple vulnerabilities have been discovered in Mozilla Firefox, Firefox Extended Support Release (ESR), and Thunderbird, the most severe of which could allow for arbitrary code execution.