CVE-2022-29913

Опубликовано: 22 дек. 2022

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. This vulnerability affects Thunderbird < 91.9.

Ссылки

https://bugzilla.mozilla.org/show_bug.cgi?id=1764778
Issue Tracking
Permissions Required
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-18/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1764778
Issue Tracking
Permissions Required
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-18/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Версия до 91.9 (исключая)

EPSS

Процентиль: 27%

0.00089

Низкий

6.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-285

Связанные уязвимости

CVE-2022-29913

CVSS3: 6.5

ubuntu

больше 2 лет назад

The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. This vulnerability affects Thunderbird < 91.9.

CVE-2022-29913

CVSS3: 6.1

redhat

около 3 лет назад

The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. This vulnerability affects Thunderbird < 91.9.

CVE-2022-29913

CVSS3: 6.5

debian

больше 2 лет назад

The parent process would not properly check whether the Speech Synthes ...

GHSA-26j5-r8rm-66gf

CVSS3: 6.5

github

больше 2 лет назад

The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. This vulnerability affects Thunderbird < 91.9.

BDU:2022-02941

CVSS3: 6.1

fstec

около 3 лет назад

Уязвимость функции SpeechSynthesis почтового клиента Thunderbird, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 27%

0.00089

Низкий

6.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-285