Project of AEREZONA DEVELOPERS. Contact Us at: +92-300-3308001 email at: [email protected]
HomeTech NewsCybersecurityAttackers could run their own code in the context of Thunderbird and...

Attackers could run their own code in the context of Thunderbird and Firefox

Published on

- Advertisement -

Important security updates close several vulnerabilities in the email client Thunderbird and the web browsers Firefox and Firefox ESR.

 

Attackers could attack Firefox, Firefox ESR and Thunderbird in certain situations and, in the worst case, execute malicious code. If that works, there is a high probability that they could completely compromise systems.

- Advertisement -

 

With the two web browsers, there may be problems with parsing (CVE-2022-40960 “high“) come from non-UTF8 URLs. In an attack scenario that is not described in detail, malicious code could reach systems (CVE-2022-40962 “high“).

Victims reply to a crafted HTML email with a meta day, attackers could smuggle out information about it. Due to the error (CVE-2022-3033 “high’) they could execute JavaScript and use it to read or even manipulate messages. Users who display the message text on simple html or plain text are not affected by the gap.

In the versions Firefox 105, Firefox ESR 102.3 and Thunderbird 91.13.1 and from Thunderbird 102.2.1 the developers have closed the vulnerabilities.

- Advertisement -

More information about the vulnerabilities:

  • Closed vulnerabilities in Firefox 102.3
  • Closed vulnerabilities in Firefox 105
  • Closed vulnerabilities in Thunderbird 91.13.1
  • Closed vulnerabilities in Thunderbird 102.2.1

- Advertisement -

Latest articles

How to contact TikTok

Share on Twitter Share on Facebook Share on LinkedIn Share on Pinterest Share...

New electric jet ski capable of reaching 93 km/h

Pictured here is Valo's Hyperfoil vehicle, a two-seat electric personal watercraft that can lift...

More like this