![]() CVE-2021-38508: Ability to overlay the Permission Prompt to trick the user into granting any permission. ![]() CVE-2021-38507: Bypass the ‘Same-Origin-Policy’ by exploiting the Opportunistic Encryption feature.CVE-2021-38506: Forcing Thunderbird to go into fullscreen mode without user interaction, laying the ground for UI spoofing and phishing attacks.CVE-2021-38505: Windows 10 Cloud Clipboard sensitive data recording, copying sensitive user data to the user’s Microsoft account, increasing the risk of information disclosure.CVE-2021-38504: user-after-free in the file picker dialog, leading to memory corruption and a potentially exploitable crash.CVE-2021-38503: iframe bypass restrictions that allow script execution.Mozilla Thunderbird 91.3 fixes ten flaws discovered by various researchers that cover a broad spectrum of the email client's functionality. Triggering most of the newly discovered bugs requires a user to open a specially crafted website in a browsing context, so the exploitation is relatively simple. Mozilla released Thunderbird 91.3 to fix several high-impact vulnerabilities that can cause a denial of service, spoof the origin, bypass security policies, and allow arbitrary code execution.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |