
Mozilla Foundation Security Advisory 2022-12

Security Vulnerabilities fixed in Thunderbird 91.7

Announced
March 8, 2022
Impact
high
Products
Thunderbird
Fixed in
  • Thunderbird 91.7

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

CVE-2022-26383: Browser window spoof using fullscreen mode

Reporter
Irvan Kurniawan
Impact
high
Description

When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification.

References

CVE-2022-26384: iframe allow-scripts sandbox bypass

Reporter
Ed McManus
Impact
high
Description

If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox.

References

CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures

Reporter
Armin Ebert
Impact
high
Description

When installing an add-on, Thunderbird verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Thunderbird would not have noticed.
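The race described above can be illustrated with a small model of the install flow. This is an added example, not Thunderbird's code: an HMAC over the file bytes stands in for the real add-on signature check, the confirm() callback stands in for the user prompt, and the "fix" shown (read the file once, verify those bytes, install those same bytes) is one assumed mitigation, not necessarily the one Mozilla shipped.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed signing key: stands in for the real add-on signing certificate.
SIGNING_KEY = b"example-signing-key"


def sign(data: bytes) -> bytes:
    """Produce the stand-in 'signature' for an add-on payload."""
    return hmac.new(SIGNING_KEY, data, hashlib.sha256).digest()


def verify(data: bytes, signature: bytes) -> bool:
    """Constant-time check of the stand-in signature."""
    return hmac.compare_digest(sign(data), signature)


def install_racy(path, signature, confirm, install):
    """Vulnerable pattern: verify by path, prompt, then re-read the path.

    Anything that rewrites the file while confirm() is pending is installed
    without ever having been verified.
    """
    with open(path, "rb") as f:
        if not verify(f.read(), signature):
            return False
    if not confirm():
        return False
    with open(path, "rb") as f:  # second read: contents may have changed
        install(f.read())
    return True


def install_safe(path, signature, confirm, install):
    """Fixed pattern: read once, verify those bytes, install those same bytes.

    The path is never consulted again after the signature check, so a change
    on disk during the prompt cannot reach the installer.
    """
    with open(path, "rb") as f:
        data = f.read()
    if not verify(data, signature):
        return False
    if not confirm():
        return False
    install(data)
    return True


def simulate_race(installer):
    """Run `installer` with a confirm() that rewrites the file mid-prompt.

    Returns the bytes that ended up installed, or None if nothing was.
    Both the add-on contents and the tampered contents are constructed.
    """
    good = b"legit add-on"
    tampered = b"tampered add-on"
    installed = []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "addon.xpi")
        with open(path, "wb") as f:
            f.write(good)
        sig = sign(good)

        def confirm():
            # Models a modification of the file while the prompt is open.
            with open(path, "wb") as f:
                f.write(tampered)
            return True

        installer(path, sig, confirm, installed.append)
    return installed[0] if installed else None
```

Running simulate_race(install_racy) yields the tampered payload; simulate_race(install_safe) yields the verified one. The same property holds for any variant that verifies and installs from one immutable copy (for example, a copy made into a directory the user alone can write) rather than from a path another writer can still reach.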

References

CVE-2022-26381: Use-after-free in text reflows

Reporter
Mozilla Fuzzing Team and Hossein Lotfi of Trend Micro Zero Day Initiative
Impact
high
Description

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash.

References

CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users

Reporter
attila
Impact
low
Description

Previously Thunderbird for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior was reverted to the original, user-specific directory.
This bug only affects Thunderbird for macOS and Linux. Other operating systems are unaffected.
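The distinction the fix restores (a user-specific directory rather than the shared /tmp) can be checked programmatically. The following is an added example and not Thunderbird's code; it assumes a POSIX system and uses tempfile.mkdtemp, which creates the directory with mode 0700, plus an ownership-and-mode check before any download is written into a directory.

```python
import os
import shutil
import stat
import tempfile


def make_private_download_dir(base=None):
    """Create a per-user, mode-0700 directory for temporary downloads.

    mkdtemp creates the directory with mode 0o700, so other local users can
    neither list nor open files placed inside it. `base` defaults to the
    system temp directory (assumption: the caller trusts that location).
    """
    return tempfile.mkdtemp(prefix="thunderbird-", dir=base or tempfile.gettempdir())


def is_private_to_current_user(path):
    """True if `path` is a directory owned by this user with no group/other bits.

    A shared /tmp (mode 1777) fails this check even though it is writable.
    """
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        return False
    if st.st_uid != os.getuid():
        return False
    return (st.st_mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def save_download(data, filename, directory):
    """Write downloaded bytes into a verified-private directory as a 0600 file.

    O_EXCL refuses to follow a pre-existing entry of the same name, and the
    directory check above runs first so a shared location is rejected.
    """
    if not is_private_to_current_user(directory):
        raise PermissionError(f"{directory} is not private to the current user")
    path = os.path.join(directory, os.path.basename(filename))
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


def demo():
    """Constructed walkthrough: a private directory accepts a download and the
    file lands with mode 0600; a world-writable sticky directory (modelled on
    a shared /tmp) is refused. Returns the observations for inspection."""
    private = make_private_download_dir()
    shared = tempfile.mkdtemp(prefix="shared-")
    os.chmod(shared, 0o1777)
    try:
        path = save_download(b"attachment body", "report.pdf", private)
        with open(path, "rb") as f:
            contents = f.read()
        file_mode = stat.S_IMODE(os.stat(path).st_mode)
        try:
            save_download(b"x", "report.pdf", shared)
            shared_refused = False
        except PermissionError:
            shared_refused = True
        return {
            "private_ok": is_private_to_current_user(private),
            "contents": contents,
            "file_mode": file_mode,
            "shared_refused": shared_refused,
        }
    finally:
        shutil.rmtree(private)
        shutil.rmtree(shared)
```

The check is deliberately on the directory rather than the file: a 0600 file inside a world-writable directory can still be renamed or replaced by another local user, so the directory itself must be private.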

References