Previously, iframes were not rendered outside of their parent window, as they are now. Malicious code could potentially use this to leak data across domains. We recommend upgrading to the latest version of Thunderbird and/or Firefox.

CVE-2018-1275: Use-after-free with web workers and event source handling

A use-after-free vulnerability was discovered in Web Workers when the event-source property is used on an element that invokes a web worker. An attacker could use this flaw to potentially execute code on behalf of a user. This issue did not affect Firefox 52 ESR. You can read more about this vulnerability here. The fix for this issue was implemented in Firefox 62.

CVE-2018-1276: Memory safety bugs fixed in Firefox

This release fixes several issues in Firefox that could potentially lead to a vulnerability. These issues were either fixed, or are now fixed in later versions. These changes might not be visible, as they are associated with internal code changes or updates. However, users who are concerned about these issues should upgrade to a newer version of Firefox.

CVE-2018-5407: Memory safety bugs fixed in Firefox

This release fixes several issues in Firefox that could potentially lead to a vulnerability. These issues were either fixed, or are now fixed in later versions. These changes might not be visible, as they are associated with internal code changes or updates. However, users who are concerned about these issues should upgrade to a newer

WebRTC and Media

WebRTC was a technology that enabled video and voice calls from web browsers. It was previously called the RTP/RTCPeerConnection API, and had been deprecated in Firefox until it was removed in version 60. The client-side implementation of WebRTC has been removed from Firefox in version 61.

Memory safety bugs fixed in Firefox

A number of memory safety bugs were fixed in Firefox. The most notable of these is CVE-2018-5407. This release fixes several issues in Firefox that could potentially lead to a vulnerability. These issues were either fixed, or are now fixed in later versions. These changes might not be visible, as they are associated with internal code changes or updates. However, users who are concerned about these issues should upgrade to a newer version of Firefox.

What is the Thunderbird CVE?

Thunderbird is vulnerable to a use-after-free in the workers implementation. This issue was fixed in Thunderbird 62.

Timeline

Published on: 12/22/2022 20:15:00 UTC
Last modified on: 12/30/2022 20:45:00 UTC
