vulnerability

Oracle Linux: CVE-2022-22760: ELSA-2022-0538: thunderbird security update (IMPORTANT) (Multiple Advisories)

Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
Feb 8, 2022
Added
Feb 15, 2022
Modified
Jan 7, 2025

Description

When importing resources using Web Workers, error messages would distinguish the difference between <code>application/javascript</code> responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin.

Solution(s)

oracle-linux-upgrade-firefoxoracle-linux-upgrade-thunderbird
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.