Medium
CVE-2022-36059 CVSS:6.5
Mozilla Thunderbird is vulnerable to a denial of service, caused by an error when using the Matrix chat protocol. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to make it not show all of a user’s rooms or spaces and/or causing minor temporary corruption.
CVE-2022-3034 CVSS:6.5
Mozilla Thunderbird could allow a remote attacker to obtain sensitive information, caused by an error when receiving an HTML email that specified to load an iframe element from a remote location. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to trigger a network request to the remote document.
CVE-2022-3032 CVSS:6.5
Mozilla Thunderbird could allow a remote attacker to bypass security restrictions, caused by the failure to block remote content specified in an HTML document that was nested inside an iframe’s srcdoc attribute. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to access the network.
CVE-2022-3033 CVSS:8.1
Mozilla Thunderbird could allow a remote attacker to obtain sensitive information, caused by the leaking of sensitive information when composing a response to an HTML email with a META refresh tag. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to read and modify the contents of the message compose document.
Mozilla
Refer to Mozilla Security Advisory for patch, upgrade or suggested workaround information.
Mozilla Security Advisory