This could contribute to security problems in web sites. Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal /…/ part in the path could be used to override the specified host. This bug only affects Thunderbird on X11. When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. Ownership mismanagement led to a use-after-free in ReadableByteStreams (CVE-2023-6207) It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. ![]() On some systemsdepending on the graphics settings and driversit was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. ![]() ![]() It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-52 advisory. The version of Thunderbird installed on the remote Windows host is prior to 115.5.0.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |