When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2062-1 advisory.

 - An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. (CVE-2022-1529)

 - If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. (CVE-2022-1802)

 - When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown with an arbitrary sender email address chosen by the attacker. If the sender name started with a false email address, followed by many Braille space characters, the attacker's email address was not visible. Because Thunderbird compared the invisible sender address with the signature's email address, if the signing key or certificate was accepted by Thunderbird, the email was shown as having a valid digital signature. This vulnerability affects Thunderbird < 91.10. (CVE-2022-1834)

 - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
 This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31736)

 - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31737)

 - When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31738)

 - When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31739)

 - On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31740)

 - A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31741)

 - An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31742)

 - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
 (CVE-2022-31747)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1921-1 advisory.

 - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
 This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31736)

 - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31737)

 - When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31738)

 - When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31739)

 - On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31740)

 - A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31741)

 - An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31742)

 - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
 (CVE-2022-31747)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1920-1 advisory.

 - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
 This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31736)

 - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31737)

 - When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31738)

 - When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31739)

 - On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31740)

 - A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31741)

 - An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31742)

 - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
 (CVE-2022-31747)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1927-1 advisory.

 - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
 This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31736)

 - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31737)

 - When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31738)

 - When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31739)

 - On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31740)

 - A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31741)

 - An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31742)

 - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
 (CVE-2022-31747)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of mozilla-thunderbird installed on the remote host is prior to 91.10.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-153-01 advisory.

 - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
 (CVE-2022-31747)

 - When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown with an arbitrary sender email address chosen by the attacker. If the sender name started with a false email address, followed by many Braille space characters, the attacker's email address was not visible. Because Thunderbird compared the invisible sender address with the signature's email address, if the signing key or certificate was accepted by Thunderbird, the email was shown as having a valid digital signature. This vulnerability affects Thunderbird < 91.10. (CVE-2022-1834)

 - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
 This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31736)

 - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31737)

 - When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31738)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of mozilla-firefox installed on the remote host is prior to 101.0 / 91.10.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-151-01 advisory.

 - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
 (CVE-2022-31747)

 - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
 This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31736)

 - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31737)

 - When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31738)

 - When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31739)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 101.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-20 advisory.

  - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
    (CVE-2022-31736)

  - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a     potentially exploitable crash. (CVE-2022-31737)

  - When exiting fullscreen mode, an iframe could have confused the browser about the current state of     fullscreen, resulting in potential user confusion or spoofing attacks. (CVE-2022-31738)

  - When downloading files on Windows, the % character was not escaped, which could have lead to a download     incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.
    This bug only affects Firefox for Windows. Other operating systems are unaffected. (CVE-2022-31739)

  - On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation     problem, and a potentially exploitable crash. (CVE-2022-31740)

  - A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and     potentially further memory corruption. (CVE-2022-31741)

  - An attacker could have exploited a timing attack by sending a large number of allowCredential entries and     detecting the difference between invalid key handles and cross-origin key handles.  This could have led to     cross-origin account linking in violation of WebAuthn goals. (CVE-2022-31742)

  - Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with     other browsers. This could have been used to escape HTML comments on pages that put user-controlled data     in them. (CVE-2022-31743)

  - An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and     in doing so bypass a page's Content Security Policy. (CVE-2022-31744)

  - If array shift operations are not used, the Garbage Collector may have become confused about valid     objects. (CVE-2022-31745)

  - An attacker could have caused an uninitialized variable on the stack to be mistakenly freed, causing a     potentially exploitable crash. (CVE-2022-1919)

  - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory     safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory     corruption and we presume that with enough effort some of these could have been exploited to run arbitrary     code. (CVE-2022-31747)

  - Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing     Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory     corruption and we presume that with enough effort some of these could have been exploited to run arbitrary     code. (CVE-2022-31748)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 101.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-20 advisory.

  - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
    (CVE-2022-31736)

  - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a     potentially exploitable crash. (CVE-2022-31737)

  - When exiting fullscreen mode, an iframe could have confused the browser about the current state of     fullscreen, resulting in potential user confusion or spoofing attacks. (CVE-2022-31738)

  - When downloading files on Windows, the % character was not escaped, which could have lead to a download     incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.
    This bug only affects Firefox for Windows. Other operating systems are unaffected. (CVE-2022-31739)

  - On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation     problem, and a potentially exploitable crash. (CVE-2022-31740)

  - A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and     potentially further memory corruption. (CVE-2022-31741)

  - An attacker could have exploited a timing attack by sending a large number of allowCredential entries and     detecting the difference between invalid key handles and cross-origin key handles.  This could have led to     cross-origin account linking in violation of WebAuthn goals. (CVE-2022-31742)

  - Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with     other browsers. This could have been used to escape HTML comments on pages that put user-controlled data     in them. (CVE-2022-31743)

  - An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and     in doing so bypass a page's Content Security Policy. (CVE-2022-31744)

  - If array shift operations are not used, the Garbage Collector may have become confused about valid     objects. (CVE-2022-31745)

  - An attacker could have caused an uninitialized variable on the stack to be mistakenly freed, causing a     potentially exploitable crash. (CVE-2022-1919)

  - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory     safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory     corruption and we presume that with enough effort some of these could have been exploited to run arbitrary     code. (CVE-2022-31747)

  - Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing     Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory     corruption and we presume that with enough effort some of these could have been exploited to run arbitrary     code. (CVE-2022-31748)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-22 advisory.

  - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
    (CVE-2022-31736)

  - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a     potentially exploitable crash. (CVE-2022-31737)

  - When exiting fullscreen mode, an iframe could have confused the browser about the current state of     fullscreen, resulting in potential user confusion or spoofing attacks. (CVE-2022-31738)

  - When downloading files on Windows, the % character was not escaped, which could have lead to a download     incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.
    This bug only affects Thunderbird for Windows. Other operating systems are unaffected. (CVE-2022-31739)

  - On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation     problem, and a potentially exploitable crash. (CVE-2022-31740)

  - A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and     potentially further memory corruption. (CVE-2022-31741)

  - When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space     character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an     attacker to send an email message with the attacker's digital signature, that was shown with an arbitrary     sender email address chosen by the attacker. If the sender name started with a false email address,     followed by many Braille space characters, the attacker's email address was not visible. Because     Thunderbird compared the invisible sender address with the signature's email address, if the signing key     or certificate was accepted by Thunderbird, the email was shown as having a valid digital signature.
    (CVE-2022-1834)

  - An attacker could have exploited a timing attack by sending a large number of allowCredential entries and     detecting the difference between invalid key handles and cross-origin key handles.  This could have led to     cross-origin account linking in violation of WebAuthn goals. (CVE-2022-31742)

  - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory     safety bugs present in Thunderbird 91.9. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code.
    (CVE-2022-31747)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 91.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-22 advisory.

  - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
    (CVE-2022-31736)

  - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a     potentially exploitable crash. (CVE-2022-31737)

  - When exiting fullscreen mode, an iframe could have confused the browser about the current state of     fullscreen, resulting in potential user confusion or spoofing attacks. (CVE-2022-31738)

  - When downloading files on Windows, the % character was not escaped, which could have lead to a download     incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.
    This bug only affects Thunderbird for Windows. Other operating systems are unaffected. (CVE-2022-31739)

  - On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation     problem, and a potentially exploitable crash. (CVE-2022-31740)

  - A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and     potentially further memory corruption. (CVE-2022-31741)

  - When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space     character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an     attacker to send an email message with the attacker's digital signature, that was shown with an arbitrary     sender email address chosen by the attacker. If the sender name started with a false email address,     followed by many Braille space characters, the attacker's email address was not visible. Because     Thunderbird compared the invisible sender address with the signature's email address, if the signing key     or certificate was accepted by Thunderbird, the email was shown as having a valid digital signature.
    (CVE-2022-1834)

  - An attacker could have exploited a timing attack by sending a large number of allowCredential entries and     detecting the difference between invalid key handles and cross-origin key handles.  This could have led to     cross-origin account linking in violation of WebAuthn goals. (CVE-2022-31742)

  - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory     safety bugs present in Thunderbird 91.9. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code.
    (CVE-2022-31747)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 91.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-21 advisory.

  - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
    (CVE-2022-31736)

  - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a     potentially exploitable crash. (CVE-2022-31737)

  - When exiting fullscreen mode, an iframe could have confused the browser about the current state of     fullscreen, resulting in potential user confusion or spoofing attacks. (CVE-2022-31738)

  - When downloading files on Windows, the % character was not escaped, which could have lead to a download     incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.
    This bug only affects Firefox for Windows. Other operating systems are unaffected. (CVE-2022-31739)

  - On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation     problem, and a potentially exploitable crash. (CVE-2022-31740)

  - A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and     potentially further memory corruption. (CVE-2022-31741)

  - An attacker could have exploited a timing attack by sending a large number of allowCredential entries and     detecting the difference between invalid key handles and cross-origin key handles.  This could have led to     cross-origin account linking in violation of WebAuthn goals. (CVE-2022-31742)

  - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory     safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory     corruption and we presume that with enough effort some of these could have been exploited to run arbitrary     code. (CVE-2022-31747)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 91.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-21 advisory.

  - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
    (CVE-2022-31736)

  - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a     potentially exploitable crash. (CVE-2022-31737)

  - When exiting fullscreen mode, an iframe could have confused the browser about the current state of     fullscreen, resulting in potential user confusion or spoofing attacks. (CVE-2022-31738)

  - When downloading files on Windows, the % character was not escaped, which could have lead to a download     incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.
    This bug only affects Firefox for Windows. Other operating systems are unaffected. (CVE-2022-31739)

  - On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation     problem, and a potentially exploitable crash. (CVE-2022-31740)

  - A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and     potentially further memory corruption. (CVE-2022-31741)

  - An attacker could have exploited a timing attack by sending a large number of allowCredential entries and     detecting the difference between invalid key handles and cross-origin key handles.  This could have led to     cross-origin account linking in violation of WebAuthn goals. (CVE-2022-31742)

  - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory     safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory     corruption and we presume that with enough effort some of these could have been exploited to run arbitrary     code. (CVE-2022-31747)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
162207	SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2022:2062-1)	Nessus	SuSE Local Security Checks	critical
161831	SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2022:1921-1)	Nessus	SuSE Local Security Checks	critical
161828	SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:1920-1)	Nessus	SuSE Local Security Checks	critical
161822	SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:1927-1)	Nessus	SuSE Local Security Checks	critical
161793	Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2022-153-01)	Nessus	Slackware Local Security Checks	critical
161748	Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2022-151-01)	Nessus	Slackware Local Security Checks	critical
161716	Mozilla Firefox < 101.0	Nessus	Windows	critical
161715	Mozilla Firefox < 101.0	Nessus	MacOS X Local Security Checks	critical
161714	Mozilla Thunderbird < 91.10	Nessus	MacOS X Local Security Checks	critical
161713	Mozilla Thunderbird < 91.10	Nessus	Windows	critical
161712	Mozilla Firefox ESR < 91.10	Nessus	Windows	critical
161711	Mozilla Firefox ESR < 91.10	Nessus	MacOS X Local Security Checks	critical

Detections

Analytics

CVE-2022-31739

high

Tenable Plugins

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical