September 2, 2022
Severity
Medium
Analysis Summary
CVE-2022-36059 CVSS:6.5
Mozilla Thunderbird is vulnerable to a denial of service, caused by an error when using the Matrix chat protocol. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to prevent it from showing all of a user’s rooms or spaces and/or cause minor temporary corruption.
CVE-2022-3034 CVSS:6.5
Mozilla Thunderbird could allow a remote attacker to obtain sensitive information, caused by an error when receiving an HTML email that specifies an iframe element to be loaded from a remote location. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to trigger a network request to the remote document.
CVE-2022-3032 CVSS:6.5
Mozilla Thunderbird could allow a remote attacker to bypass security restrictions, caused by the failure to block remote content specified in an HTML document that was nested inside an iframe’s srcdoc attribute. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to access the network.
CVE-2022-3033 CVSS:8.1
Mozilla Thunderbird could allow a remote attacker to obtain sensitive information, caused by the leaking of sensitive information when composing a response to an HTML email with a META refresh tag. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to read and modify the contents of the message compose document.
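The three HTML constructs named in the summary above (an iframe loaded from a remote location, remote content nested in an iframe's srcdoc attribute, and a META refresh tag) can be flagged in stored or inbound mail for triage. This is an added example, not code from the advisory or from Mozilla; the function names, finding labels and sample messages are constructed for illustration.

```python
# Added example: flag the HTML e-mail constructs named in this advisory.
from email import message_from_string, policy
from html.parser import HTMLParser

REMOTE = ("http://", "https://", "//")

def is_remote(url):
    return url.strip().lower().startswith(REMOTE)

class MailHtmlAudit(HTMLParser):
    """Records remote iframes, remote content inside srcdoc, and META refresh."""
    def __init__(self, nested=False):
        super().__init__(convert_charrefs=True)
        self.nested = nested      # True while parsing an iframe's srcdoc document
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            if is_remote(a.get("src", "")):
                self.findings.append("iframe-remote-src")
            if "srcdoc" in a:     # srcdoc holds a whole nested HTML document
                inner = MailHtmlAudit(nested=True)
                inner.feed(a["srcdoc"])
                self.findings.extend(inner.findings)
        elif tag == "meta" and a.get("http-equiv", "").strip().lower() == "refresh":
            self.findings.append("meta-refresh")
        elif self.nested:         # only auto-loaded resources, not plain links
            urls = [a.get("src", ""), a.get("background", "")]
            urls += [a.get("href", "")] if tag == "link" else []
            if any(is_remote(u) for u in urls):
                self.findings.append("srcdoc-remote-content")

def audit_message(raw):
    """Return sorted finding labels for all text/html parts of a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    found = set()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = MailHtmlAudit()
            parser.feed(part.get_content())
            found.update(parser.findings)
    return sorted(found)

# Constructed sample messages (example.com / .example are reserved names).
HEADERS = 'MIME-Version: 1.0\nContent-Type: text/html; charset="utf-8"\n\n'
SUSPECT = HEADERS + (
    '<meta http-equiv="refresh" content="0; url=https://tracker.example/r">'
    '<iframe src="https://tracker.example/f"></iframe>'
    '<iframe srcdoc="&lt;img src=\'https://tracker.example/p.png\'&gt;"></iframe>')
BENIGN = HEADERS + '<p>Hello <a href="https://example.com">link</a></p>'
```

A finding marks a message for review on unpatched clients; it does not by itself show that the message is malicious.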
Impact
- Denial of Service
- Information Disclosure
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2022-36059
- CVE-2022-3034
- CVE-2022-3032
- CVE-2022-3033
Affected Vendors
Mozilla
Affected Products
- Mozilla Thunderbird 102.2
Remediation
Refer to Mozilla Security Advisory for patch, upgrade or suggested workaround information.
Mozilla Security Advisory