June 29, 2022 Pavel Vasenkov 102.0-alt1
- New version.
- Security fixes:
+ CVE-2022-34479 A popup window could be resized in a way to overlay the address bar with web content
+ CVE-2022-34470 Use-after-free in nsSHistory
+ CVE-2022-34468 CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI
+ CVE-2022-2226 An email with a mismatching OpenPGP signature date was accepted as valid
+ CVE-2022-34481 Potential integer overflow in ReplaceElementsAt
+ CVE-2022-31744 CSP bypass enabling stylesheet injection
+ CVE-2022-34472 Unavailable PAC file resulted in OCSP requests being blocked
+ CVE-2022-34478 Microsoft protocols can be attacked if a user accepts a prompt
+ CVE-2022-2200 Undesired attributes could be set as part of prototype pollution
+ CVE-2022-34484 Memory safety bugs fixed in Thunderbird 91.11 and Thunderbird 102