Saturday, November 23, 2024

Attackers could execute their own code in the context of Thunderbird and Firefox

Date:

Attackers could attack Firefox, Firefox ESR, and Thunderbird in certain situations and, in the worst case, execute malicious code. If that works, there is a high probability that they can completely compromise the systems.

With both web browsers, there may be issues with parsing (CVE-2022-40960″tall“) come from non-UTF8 URLs. In an attack scenario not described in detail, malicious code could reach systems (CVE-2022-40962 “tall“).

Victims respond to a doctored HTML email with a meta day, attackers could smuggle information about it. Due to the bug (CVE-2022-3033 “tall‘) could execute JavaScript and use it to read or even manipulate messages. Users showing the text of the message in simple html either plain text they are not affected by the gap.

in the versions Firefox 105, Firefox ESR 102.3 Y Thunderbird 91.13.1 and of Thunderbird 102.2.1 the developers have closed the vulnerabilities.

More information about the vulnerabilities:

updates

09/21/2022

10:59

clock

Added more information about breaches.

See also:

  • Firefox – download quickly and safely from heise.de
  • Thunderbird: Download quickly and safely from heise.de


(of)

to the home page

Ebenezer Robbins
Ebenezer Robbins
Introvert. Beer guru. Communicator. Travel fanatic. Web advocate. Certified alcohol geek. Tv buff. Subtly charming internet aficionado.

Share post:

Popular

More like this
Related

Practice Acrylic Nail Techniques Without Needing a Fake Hand

When you're starting your journey with acrylic nails, practice...

Inside the World of Common Snapping Turtles: Behavior and Habitat

The common snapping turtle (Chelydra serpentina) is one of...

How to Use Video Marketing to Promote B2C Products?

Video marketing has emerged as a powerful tool for...

Adapting to Change: The Future for Leopard Tortoise Environments

Leopard tortoises, known for their striking spotted shells and...