CVSS3: 6.5 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS: 0.001 Low (Percentile: 47.0%)

The `ms-msdt`, `search`, and `search-ms`
protocols deliver content to Microsoft applications, bypassing the browser,
when a user accepts a prompt. These applications have had known
vulnerabilities, exploited in the wild (although we know of none exploited
through Thunderbird), so in this release Thunderbird has blocked these
protocols from prompting the user to open them.

This bug only affects Thunderbird on Windows. Other operating systems are
unaffected. This vulnerability affects Firefox < 102, Firefox ESR < 91.11,
Thunderbird < 102, and Thunderbird < 91.11.

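For hosts that cannot be upgraded immediately, a mail gateway or triage script can flag messages whose HTML links use the three schemes named above. The following is an added example, not code from Mozilla or from this page; the attribute list, function names and sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Schemes named in the advisory text.
BLOCKED_SCHEMES = {"ms-msdt", "search", "search-ms"}
# Attributes that can carry a URL (assumed set for this example).
URL_ATTRS = {"href", "src", "action", "formaction"}
_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")
_EDGE_JUNK = "".join(chr(c) for c in range(0x21))  # C0 controls and space

def url_scheme(url):
    """Return the lower-cased scheme, normalising the way URL parsers do:
    strip leading/trailing controls and spaces, drop embedded tab/CR/LF."""
    cleaned = url.strip(_EDGE_JUNK)
    cleaned = cleaned.replace("\t", "").replace("\r", "").replace("\n", "")
    match = _SCHEME_RE.match(cleaned)
    return match.group(1).lower() if match else None

class SchemeScanner(HTMLParser):
    """Collects (tag, attribute, scheme) for every blocked-scheme URL."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases names and decodes entities in values,
        # so "search-ms&#58;..." is seen here as "search-ms:...".
        for name, value in attrs:
            if name in URL_ATTRS and value:
                scheme = url_scheme(value)
                if scheme in BLOCKED_SCHEMES:
                    self.findings.append((tag, name, scheme))

def find_blocked_links(html_body):
    scanner = SchemeScanner()
    scanner.feed(html_body)
    scanner.close()
    return scanner.findings

# Constructed sample message body (placeholders only, no real payloads).
SAMPLE_HTML = """
<p>Quarterly report: <a href="https://example.com/report">view</a></p>
<p><a href="MS-MSDT:PLACEHOLDER">diagnostics</a></p>
<p><a href=" search-ms&#58;PLACEHOLDER">results</a></p>
<p><a href="/search?q=a:b">site search</a></p>
"""

if __name__ == "__main__":
    for finding in find_blocked_links(SAMPLE_HTML):
        print(finding)
```

The relative `/search?q=a:b` link is not flagged because the match is on the URL scheme, not on a substring.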
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap |