
Mozilla Foundation Security Advisory 2023-18
Security Vulnerabilities fixed in Thunderbird 102.11

Announced
Impact high
Products Thunderbird
Fixed in

#CVE-2023-32205: Browser prompts could have been obscured by popups
Reporter Alesandro Ortiz
Impact high
Description
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks.

#CVE-2023-32206: Crash in RLBox Expat driver
Reporter Irvan Kurniawan
Impact high
Description
An out-of-bound read could have led to a crash in the RLBox Expat driver.

#CVE-2023-32207: Potential permissions request bypass via clickjacking
Reporter Hafiizh
Impact high
Description
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions.

#CVE-2023-32211: Content process crash due to invalid wasm code
Reporter P1umer and xmzyshypnc
Impact moderate
Description
A type checking bug would have led to invalid code being compiled.

#CVE-2023-32212: Potential spoof due to obscured address bar
Reporter Hafiizh
Impact moderate
Description
An attacker could have positioned a datalist element to obscure the address bar.

#CVE-2023-32213: Potential memory corruption in FileReader::DoReadData()
Reporter Ronald Crane
Impact moderate
Description
When reading a file, an uninitialized value could have been used as read limit.

#CVE-2023-32214: Potential DoS via exposed protocol handlers
Reporter Edward Prior
Impact low
Description
Protocol handlers ms-cxh and ms-cxh-full could have been leveraged to trigger a denial of service. Other operating systems are not affected.

#CVE-2023-32215: Memory safety bugs fixed in Thunderbird 102.11
Reporter Mozilla developers and community
Impact high
Description
Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
