“Attackers could attack Firefox, Firefox ESR, and Thunderbird in certain situations and execute malicious code in the worst case scenario. If this works, they are likely to completely compromise systems.

The two web browsers may experience problems with parsing (CVE-2022-40960 “high”) of non-UTF8 URLs. In an unspecified attack scenario, malicious code could reach systems (CVE-2022-40962 “high”).

Victims responding to a pre-prepared HTML email with a meta tag could potentially exclude information about it. Due to the error (CVE-2022-3033 “high”) you could run JavaScript and read or even manipulate messages about it. Users who have set the display of message text to simple html or plain text are not affected by the vulnerability.

Developers have fixed the vulnerabilities in Firefox 105, Firefox ESR 102.3, and Thunderbird 91.13.1 and Thunderbird 102.2.1.”


In both products, updates go like this:

  • Help -> About Firefox/Thunderbird -> update
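
To check many machines rather than one desktop, installed version strings can be compared against the fixed versions quoted above. This is an added example, not part of the original post: the product keys, function names and sample version strings are constructed for illustration, and it assumes a Thunderbird release outside the 91 and 102 branches should be measured against 102.2.1.

```python
import re

# Fixed versions exactly as listed in the advisory quoted above.
# Thunderbird has one fix per maintained branch (91.x and 102.x).
FIXED = {
    "firefox": [(105,)],
    "firefox-esr": [(102, 3)],
    "thunderbird": [(91, 13, 1), (102, 2, 1)],
}


def parse_version(text):
    """Return the first dotted version number in text as a tuple of ints.

    Trailing tags such as 'esr' are ignored: '102.3.0esr' -> (102, 3, 0).
    """
    match = re.search(r"\d+(?:\.\d+)*", text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in match.group().split("."))


def _pad(version, width=3):
    # Pad short versions with zeros so (105,) compares equal to (105, 0, 0).
    return version + (0,) * (width - len(version))


def is_patched(product, version_text):
    """True if the installed version is at or above the fix for its branch."""
    installed = _pad(parse_version(version_text))
    fixes = sorted(_pad(fix) for fix in FIXED[product])
    # Prefer the fix on the same major branch. If there is none (older major,
    # or a gap between branches), assume the newest fix is the target.
    same_branch = [fix for fix in fixes if fix[0] == installed[0]]
    target = same_branch[0] if same_branch else fixes[-1]
    return installed >= target


if __name__ == "__main__":
    # Constructed inventory: (host, product, version string as reported).
    inventory = [
        ("ws-01", "firefox", "Mozilla Firefox 104.0.2"),
        ("ws-02", "firefox-esr", "102.3.0esr"),
        ("ws-03", "thunderbird", "91.13.0"),
        ("ws-04", "thunderbird", "102.2.1"),
    ]
    for host, product, version in inventory:
        state = "ok" if is_patched(product, version) else "UPDATE NEEDED"
        print(f"{host:6} {product:12} {version:26} {state}")
```
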
