Total
30338 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34478 | 2025-04-15 | N/A | 6.5 MEDIUM | ||
| The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open them.<br>*This bug only affects Thunderbird on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. | |||||
| CVE-2022-34477 | 2025-04-15 | N/A | 7.5 HIGH | ||
| The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 102. | |||||
| CVE-2022-34476 | 2025-04-15 | N/A | 9.8 CRITICAL | ||
| ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox < 102. | |||||
| CVE-2022-34471 | 2025-04-15 | N/A | 6.5 MEDIUM | ||
| When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. This vulnerability affects Firefox < 102. | |||||
| CVE-2022-34468 | 2025-04-15 | N/A | 8.8 HIGH | ||
| An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. | |||||
| CVE-2022-31748 | 2025-04-15 | N/A | 9.8 CRITICAL | ||
| Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 101. | |||||
| CVE-2022-31742 | 2025-04-15 | N/A | 6.5 MEDIUM | ||
| An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. | |||||
| CVE-2022-45186 | 1 Salesagility | 1 Suitecrm | 2025-04-15 | N/A | 8.1 HIGH |
| An issue was discovered in SuiteCRM 7.12.7. Authenticated users can recover an arbitrary field of a database. | |||||
| CVE-2022-34483 | 2025-04-15 | N/A | 8.8 HIGH | ||
| An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34482. This vulnerability affects Firefox < 102. | |||||
| CVE-2022-34482 | 2025-04-15 | N/A | 8.8 HIGH | ||
| An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34483. This vulnerability affects Firefox < 102. | |||||
| CVE-2025-2954 | 1 Mannaandpoem | 1 Openmanus | 2025-04-15 | 1.7 LOW | 3.3 LOW |
| A vulnerability, which was classified as problematic, was found in mannaandpoem OpenManus up to 2025.3.13. This affects the function execute of the file app/tool/file_saver.py of the component File Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2022-40957 | 2025-04-15 | N/A | 6.5 MEDIUM | ||
| Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. | |||||
| CVE-2022-36319 | 2025-04-15 | N/A | 7.5 HIGH | ||
| When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12. | |||||
| CVE-2022-42929 | 2025-04-15 | N/A | 6.5 MEDIUM | ||
| If a website called <code>window.print()</code> in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Thunderbird < 102.4, Firefox ESR < 102.4, and Firefox < 106. | |||||
| CVE-2022-40899 | 2025-04-15 | N/A | 7.5 HIGH | ||
| An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server. | |||||
| CVE-2022-40898 | 2025-04-15 | N/A | 7.5 HIGH | ||
| An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. | |||||
| CVE-2022-3155 | 2025-04-15 | N/A | 7.8 HIGH | ||
| When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm. This vulnerability affects Thunderbird < 102.3. | |||||
| CVE-2022-29915 | 2025-04-15 | N/A | 4.3 MEDIUM | ||
| The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects. This vulnerability affects Firefox < 100. | |||||
| CVE-2022-46871 | 2 Debian, Mozilla | 2 Debian Linux, Firefox | 2025-04-15 | N/A | 8.8 HIGH |
| An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108. | |||||
| CVE-2022-45415 | 2025-04-15 | N/A | 7.8 HIGH | ||
| When downloading an HTML file, if the title of the page was formatted as a filename with a malicious extension, Firefox may have saved the file with that extension, leading to possible system compromise if the downloaded file was later ran. This vulnerability affects Firefox < 107. | |||||