![]() This could have lead to a use-after-free causing a potentially exploitable crash. #CVE-2022-22737: Race condition when playing audio files Reporter bo13oy of Cyber Kunlun Lab Impact high DescriptionĬonstructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. #CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur Reporter Atte Kettunen Impact high DescriptionĪpplying a CSS filter effect could have accessed out of bounds memory. #CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner Reporter bo13oy of Cyber Kunlun Lab Impact high DescriptionĬertain network request objects were freed too early when releasing a network request handle. ![]() When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. #CVE-2022-22741: Browser window spoof using fullscreen mode Reporter Irvan Kurniawan Impact high Description When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash. #CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode Reporter Irvan Kurniawan Impact high Description When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. #CVE-2022-22743: Browser window spoof using fullscreen mode Reporter Irvan Kurniawan Impact high Description This bug only affects Firefox for Windows. #CVE-2022-22746: Calling into reportValidity could have lead to fullscreen window spoof Reporter Irvan Kurniawan Impact high DescriptionĪ race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed. ![]() In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. Mozilla Foundation Security Advisory 2022-03 Security Vulnerabilities fixed in Thunderbird 91.5 Announced JanuImpact high Products Thunderbird Fixed in ![]()
0 Comments
Leave a Reply. |