Attackers could attack Firefox, Firefox ESR, and Thunderbird in certain situations and, in the worst case, execute malicious code. If that works, there is a high probability that they can completely compromise the systems.
With both web browsers, there may be issues with parsing (CVE-2022-40960″tall“) come from non-UTF8 URLs. In an attack scenario not described in detail, malicious code could reach systems (CVE-2022-40962 “tall“).
Victims respond to a doctored HTML email with a meta day, attackers could smuggle information about it. Due to the bug (CVE-2022-3033 “tall‘) could execute JavaScript and use it to read or even manipulate messages. Users showing the text of the message in simple html either plain text they are not affected by the gap.
in the versions Firefox 105, Firefox ESR 102.3 Y Thunderbird 91.13.1 and of Thunderbird 102.2.1 the developers have closed the vulnerabilities.
More information about the vulnerabilities:
updates
09/21/2022
10:59
clock
Added more information about breaches.
See also:
- Firefox – download quickly and safely from heise.de
- Thunderbird: Download quickly and safely from heise.de
(of)
Introvert. Beer guru. Communicator. Travel fanatic. Web advocate. Certified alcohol geek. Tv buff. Subtly charming internet aficionado.
