CVE-2022-38473

Published: 24 August 2022

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.

Notes

Author: mdeslaur
Note: starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap

Priority

Medium

CVSS 3 base score: 8.8

Status

Package: firefox (Launchpad, Ubuntu, Debian)

Release     Status
bionic      Released (104.0+build3-0ubuntu0.18.04.1)
focal       Released (104.0+build3-0ubuntu0.20.04.1)
jammy       Not vulnerable (code not present)
kinetic     Not vulnerable (code not present)
trusty      Does not exist
upstream    Released (104)
xenial      Needs triage

Package: thunderbird (Launchpad, Ubuntu, Debian)

Release     Status
bionic      Released (1:102.2.2+build1-0ubuntu0.18.04.1)
focal       Released (1:102.2.2+build1-0ubuntu0.20.04.1)
jammy       Released (1:102.2.2+build1-0ubuntu0.22.04.1)
kinetic     Needs triage
trusty      Does not exist
upstream    Released (91.13)
xenial      Needs triage