#CVE-2022-22737: Race condition when playing audio files
Reporter: bo13oy of Cyber Kunlun Lab
Impact: high
Description: Constructing audio sinks could have led to a race condition when playing audio files and closing windows. This could have led to a use-after-free causing a potentially exploitable crash.

#CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
Reporter: Atte Kettunen
Impact: high
Description: Applying a CSS filter effect could have accessed out of bounds memory. This could have led to a heap-buffer-overflow causing a potentially exploitable crash.

#CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
Reporter: bo13oy of Cyber Kunlun Lab
Impact: high
Description: Certain network request objects were freed too early when releasing a network request handle.

#CVE-2022-22741: Browser window spoof using fullscreen mode
Reporter: Irvan Kurniawan
Impact: high
Description: When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode.

#CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode
Reporter: Irvan Kurniawan
Impact: high
Description: When inserting text while in edit mode, some characters might have led to out-of-bounds memory access causing a potentially exploitable crash.

#CVE-2022-22743: Browser window spoof using fullscreen mode
Reporter: Irvan Kurniawan
Impact: high
Description: When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode.

#CVE-2022-22746: Calling into reportValidity could have led to fullscreen window spoof
Reporter: Irvan Kurniawan
Impact: high
Description: A race condition could have allowed bypassing the fullscreen notification which could have led to a fullscreen window spoof being unnoticed. This bug only affects Firefox for Windows.

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potential risks in browser or browser-like contexts.

Mozilla Foundation Security Advisory 2022-03
Security Vulnerabilities fixed in Thunderbird 91.5
Announced: Janu
Impact: high
Products: Thunderbird
Fixed in