Get mozilla thunderbird
4/13/2023

Mozilla Foundation Security Advisory 2023-07
Security Vulnerabilities fixed in Thunderbird 102.8

Announced Febru
Impact low
Products Thunderbird
Fixed in

Except for CVE-2023-0616, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

#CVE-2023-25730: Screen hijack via browser fullscreen mode
Reporter Irvan Kurniawan
Impact high
Description
A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks.

#CVE-2023-25728: Content security policy leak in violation reports using iframes
Reporter Johan Carlsson
Impact high
Description
The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect.

#CVE-2023-0616: User Interface lockup with messages combining S/MIME and OpenPGP
Reporter Kai Engert
Impact low
Description
If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack.