mickmick.net

Mozilla Thunderbird Multiple Vulnerabilities

Last Update Date: 21 Sep 2022 Release Date: 2 Sep 2022

RISK: Medium Risk

TYPE: Clients - Email Clients

Multiple vulnerabilities were identified in Mozilla Thunderbird. A remote attacker could exploit some of these vulnerabilities to trigger denial of service, remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.

 

[Updated on 2022-09-21]

Updated System / Technologies affected, Solutions and Related Links.

---

Impact

• Denial of Service
• Remote Code Execution
• Security Restriction Bypass
• Information Disclosure

---

System / Technologies affected

• Thunderbird version prior to 102.2.1
• Thunderbird version prior to 91.13.1

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

• Update to version 102.2.1
• Update to version 91.13.1

---

Vulnerability Identifier

• CVE-2022-3032
• CVE-2022-3033
• CVE-2022-3034
• CVE-2022-36059

---

Source

• Mozilla
• AusCERT

---

Related Link

• https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-39/
• https://www.auscert.org.au/bulletins/ESB-2022.4321
• https://www.auscert.org.au/bulletins/ESB-2022.4645