Attackers could run their own code in the context of Thunderbird and Firefox


Important security updates close several vulnerabilities in the email client Thunderbird and the web browsers Firefox and Firefox ESR.

 

In certain situations, attackers could target Firefox, Firefox ESR and Thunderbird and, in the worst case, execute malicious code. If such an attack succeeds, there is a high probability that they could completely compromise the affected systems.

 

In the two web browsers, parsing non-UTF-8 URLs can cause problems (CVE-2022-40960, "high"). In an attack scenario that is not described in detail, malicious code could reach systems (CVE-2022-40962, "high").

If victims reply to a crafted HTML email containing a meta tag, attackers could use it to smuggle out information. Because of this flaw (CVE-2022-3033, "high"), they could execute JavaScript and use it to read or even manipulate messages. Users who display the message body as simple HTML or plain text are not affected by the vulnerability.

The developers have closed the vulnerabilities in Firefox 105, Firefox ESR 102.3, Thunderbird 91.13.1 and from Thunderbird 102.2.1 onward.
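Checking installations against these versions needs a branch-aware comparison, because Firefox ESR and the two Thunderbird branches each have their own threshold. The following Python code is an added example, not part of the original article; the host names and version lines are constructed sample data, and the `--version`-style line format with an `esr` suffix is an assumption about how the inventory was collected.

```python
import re

# Matches lines such as "Mozilla Firefox 102.3.0esr" or "Thunderbird 91.13.0".
VERSION_RE = re.compile(r"(firefox|thunderbird)\s+(\d+(?:\.\d+)*)(esr)?", re.IGNORECASE)

def parse(line):
    """Return (product, (major, minor, patch), is_esr) for one version line."""
    m = VERSION_RE.search(line)
    if not m:
        raise ValueError(f"unrecognised version line: {line!r}")
    parts = tuple(int(p) for p in m.group(2).split("."))
    parts = (parts + (0, 0))[:3]  # pad so "105" compares as 105.0.0
    return m.group(1).lower(), parts, bool(m.group(3))

def is_patched(line):
    """True if the version is at or above the fixed version for its branch."""
    product, ver, esr = parse(line)
    if product == "firefox":
        # ESR is fixed in 102.3; the regular release channel only in 105.
        return ver >= ((102, 3, 0) if esr else (105, 0, 0))
    if ver[0] == 91:
        return ver >= (91, 13, 1)   # Thunderbird 91 branch
    return ver >= (102, 2, 1)       # Thunderbird 102 branch and later

def audit(inventory):
    """Return (hosts needing an update, hosts with unparseable version lines)."""
    unpatched, unknown = [], []
    for host, line in inventory.items():
        try:
            if not is_patched(line):
                unpatched.append(host)
        except ValueError:
            unknown.append(host)
    return sorted(unpatched), sorted(unknown)

# Constructed sample inventory (host names and versions are illustrative).
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 105.0",
    "ws-02": "Mozilla Firefox 104.0.2",
    "ws-03": "Mozilla Firefox 102.3.0esr",
    "ws-04": "Thunderbird 91.13.0",
    "ws-05": "version query failed",
    "ws-06": "Thunderbird 102.2.1",
}

if __name__ == "__main__":
    needs_update, unreadable = audit(SAMPLE_INVENTORY)
    print("update required:", needs_update)
    print("could not determine version:", unreadable)
```

Hosts in the second list should be treated as unverified rather than as patched.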

More information about the vulnerabilities:

  • Closed vulnerabilities in Firefox 102.3
  • Closed vulnerabilities in Firefox 105
  • Closed vulnerabilities in Thunderbird 91.13.1
  • Closed vulnerabilities in Thunderbird 102.2.1
