First published: Tue Dec 13 2022(Updated: )
An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.<br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.
Credit: security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Thunderbird | <102.6 | 102.6 |
Mozilla Firefox ESR | <102.6 | 102.6 |
Mozilla Firefox | <108 | 108 |
Mozilla Firefox | <108.0 | |
Mozilla Firefox ESR | <102.6 | |
Mozilla Thunderbird | <102.6 | |
Linux Linux kernel | ||
All of | ||
Mozilla Thunderbird | <102.6 | |
Linux Linux kernel |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2022-46872 is a vulnerability that allows an attacker who compromised a content process to partially escape the sandbox and read arbitrary files via clipboard-related IPC messages.
This vulnerability only affects Thunderbird for Linux. Other operating systems are unaffected.
Thunderbird versions up to and excluding 102.6 and Firefox ESR versions up to and excluding 102.6 are affected.
Firefox versions up to and excluding 108.0 are affected.
CVE-2022-46872 has a severity rating of 8.6 (High).