Page 43 of 944 results (0.011 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS signatures. A flaw was found in Thunderbird, which is vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS signatures. • https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2021-43529 https://access.redhat.com/security/cve/CVE-2021-43529 https://bugzilla.redhat.com/show_bug.cgi?id=2088353 https://access.redhat.com/security/cve/CVE-2021-43527 https://access.redhat.com/security/vulnerabilities/RHSB-2021-008 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression that the additional contents were also covered by the digital signature. Starting with Thunderbird version 91.4.1, only the signature that belongs to the top level MIME part will be considered for the displayed status. This vulnerability affects Thunderbird < 91.4.1. Al recibir un mensaje de correo electrónico firmado con OpenPGP/MIME que contiene una capa de mensaje MIME externa adicional, por ejemplo un pie de página de mensaje agregado por una puerta de enlace de lista de correo, Thunderbird solo consideró el mensaje firmado interno para la validez de la firma. • https://bugzilla.mozilla.org/show_bug.cgi?id=1732310 https://www.mozilla.org/security/advisories/mfsa2021-55 •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Después de aceptar un certificado que no es de confianza, manejar una secuencia pkcs7 vacía como parte de los datos del certificado podría haber provocado un bloqueo. Se cree que este accidente no es explotable. • https://bugzilla.mozilla.org/show_bug.cgi?id=1735028 https://www.mozilla.org/security/advisories/mfsa2022-01 https://www.mozilla.org/security/advisories/mfsa2022-02 https://www.mozilla.org/security/advisories/mfsa2022-03 https://access.redhat.com/security/cve/CVE-2022-22747 https://bugzilla.redhat.com/show_bug.cgi?id=2039572 • CWE-295: Improper Certificate Validation CWE-476: NULL Pointer Dereference •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Los eventos de violación de la política de seguridad podrían haber filtrado información de origen cruzado sobre violaciones de los ancestros del frame. Esta vulnerabilidad afecta a Firefox ESR &lt; 91.5, Firefox &lt; 96 y Thunderbird &lt; 91.5. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1735856 https://www.mozilla.org/security/advisories/mfsa2022-01 https://www.mozilla.org/security/advisories/mfsa2022-02 https://www.mozilla.org/security/advisories/mfsa2022-03 https://access.redhat.com/security/cve/CVE-2022-22745 https://bugzilla.redhat.com/show_bug.cgi?id=2039570 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Fue posible construir un marcado XSLT específico que podría omitir un entorno limitado de iframe. Esta vulnerabilidad afecta a Firefox ESR &lt; 91.5, Firefox &lt; 96 y Thunderbird &lt; 91.5. The Mozilla Foundation Security Advisory describes this flaw as: It was possible to construct specific XSLT markups that would enable someone to bypass an iframe sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1746720 https://www.mozilla.org/security/advisories/mfsa2022-01 https://www.mozilla.org/security/advisories/mfsa2022-02 https://www.mozilla.org/security/advisories/mfsa2022-03 https://access.redhat.com/security/cve/CVE-2021-4140 https://bugzilla.redhat.com/show_bug.cgi?id=2039568 • CWE-91: XML Injection (aka Blind XPath Injection) CWE-1021: Improper Restriction of Rendered UI Layers or Frames •