===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.6478
     MFSA 2022-53 Security Vulnerabilities fixed in Thunderbird 102.6
                             14 December 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Thunderbird
Publisher:         Mozilla
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-46882 CVE-2022-46881 CVE-2022-46880
                   CVE-2022-46878 CVE-2022-46875 CVE-2022-46874
                   CVE-2022-46872

Original Bulletin:
   https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/

Comment: CVSS (Max):  None available when published

--------------------------BEGIN INCLUDED TEXT--------------------

Mozilla Foundation Security Advisory 2022-53

Security Vulnerabilities fixed in Thunderbird 102.6

Announced: December 13, 2022
Impact:    high
Products:  Thunderbird
Fixed in:  Thunderbird 102.6

In general, these flaws cannot be exploited through email in the Thunderbird
product because scripting is disabled when reading mail, but are potentially
risks in browser or browser-like contexts.

# CVE-2022-46880: Use-after-free in WebGL

Reporter: Atte Kettunen
Impact:   high

Description

A missing check related to tex units could have led to a use-after-free and
potentially exploitable crash.

References

  o Bug 1749292

# CVE-2022-46872: Arbitrary file read from a compromised content process

Reporter: Nika Layzell
Impact:   high

Description

An attacker who compromised a content process could have partially escaped the
sandbox to read arbitrary files via clipboard-related IPC messages.
This bug only affects Thunderbird for Linux. Other operating systems are
unaffected.

References

  o Bug 1799156

# CVE-2022-46881: Memory corruption in WebGL

Reporter: Karl and an Anonymous ASAN Nightly User
Impact:   high

Description

An optimization in WebGL was incorrect in some cases, and could have led to
memory corruption and a potentially exploitable crash.

References

  o Bug 1770930

# CVE-2022-46874: Drag and Dropped Filenames could have been truncated to
malicious extensions

Reporter: Matthias Zoellner
Impact:   moderate

Description

A file with a long filename could have had its filename truncated to remove the
valid extension, leaving a malicious extension in its place. This could
potentially lead to user confusion and the execution of malicious code.

References

  o Bug 1746139

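To show the hazard this entry describes from the defender's side, here is an added Python example (not Mozilla's or Thunderbird's code) that contrasts a naive fixed-length filename cut with one that shortens only the stem so the real extension survives. The 255-byte limit, the function names and the sample filename are constructed assumptions, not values from the advisory.

```python
# Added example, not part of the Mozilla advisory or the Thunderbird code base.
# Illustrates the filename-truncation hazard described for CVE-2022-46874:
# cutting a long filename to a fixed byte budget can drop the trailing
# extension and leave an earlier, executable-looking one in its place.
import os

MAX_NAME_BYTES = 255  # assumed per-component limit, typical of many filesystems


def naive_truncate(name: str, limit: int = MAX_NAME_BYTES) -> str:
    """Flawed approach: chop the name at `limit` bytes regardless of suffix."""
    return name.encode("utf-8")[:limit].decode("utf-8", errors="ignore")


def safe_truncate(name: str, limit: int = MAX_NAME_BYTES) -> str:
    """Shorten only the stem so the original final extension is preserved.

    If the extension alone does not fit the budget, return a neutral name
    rather than emitting a partial or unrelated suffix.
    """
    stem, ext = os.path.splitext(name)
    ext_bytes = ext.encode("utf-8")
    if len(ext_bytes) >= limit:
        return "download"  # refuse to guess; neutral, non-executable name
    budget = limit - len(ext_bytes)
    stem_bytes = stem.encode("utf-8")[:budget]
    return stem_bytes.decode("utf-8", errors="ignore") + ext


def effective_extension(name: str) -> str:
    """Extension the OS would act on: text after the last dot, lower-cased."""
    return os.path.splitext(name)[1].lower()


def changes_extension(name: str, limit: int = MAX_NAME_BYTES) -> bool:
    """True when naive truncation would alter what the file appears to be."""
    return effective_extension(naive_truncate(name, limit)) != effective_extension(name)


if __name__ == "__main__":
    # Constructed input: a .txt whose stem ends in ".exe" right at the cut.
    tricky = "A" * (MAX_NAME_BYTES - 4) + ".exe.txt"
    print(effective_extension(naive_truncate(tricky)))  # .exe
    print(effective_extension(safe_truncate(tricky)))   # .txt
```
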
# CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files
on Mac OS

Reporter: Dohyun Lee
Impact:   moderate

Description

The executable file warning was not presented when downloading .atloc and
.ftploc files, which can run commands on a user's computer.
Note: This issue only affected Mac OS operating systems. Other operating
systems are unaffected.

References

  o Bug 1786188

# CVE-2022-46882: Use-after-free in WebGL

Reporter: Irvan Kurniawan
Impact:   moderate

Description

A use-after-free in WebGL extensions could have led to a potentially
exploitable crash.

References

  o Bug 1789371

# CVE-2022-46878: Memory safety bugs fixed in Thunderbird 102.6

Reporter: Mozilla developers
Impact:   high

Description

Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla
Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of
these bugs showed evidence of memory corruption and we presume that with enough
effort some of these could have been exploited to run arbitrary code.

References

  o Memory safety bugs fixed in Thunderbird 102.6

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================