Important security updates close several vulnerabilities in the email client Thunderbird and the web browsers Firefox and Firefox ESR.
Under certain conditions, attackers could target Firefox, Firefox ESR and Thunderbird and, in the worst case, execute malicious code. If that succeeds, there is a high probability that they could completely compromise systems.
In the two web browsers, parsing non-UTF-8 URLs can cause problems (CVE-2022-40960, “high”). In an attack scenario that is not described in detail, malicious code could reach systems (CVE-2022-40962, “high”).
Victims reply to a crafted HTML email with a
simple html or
plain text are not affected by the gap.
The developers have closed the vulnerabilities in Firefox 105, Firefox ESR 102.3, Thunderbird 91.13.1 and in Thunderbird from version 102.2.1 onward.
More information about the vulnerabilities:
- Closed vulnerabilities in Firefox 102.3
- Closed vulnerabilities in Firefox 105
- Closed vulnerabilities in Thunderbird 91.13.1
- Closed vulnerabilities in Thunderbird 102.2.1