MFSA2022-15 Thunderbird: Security Vulnerabilities fixed in Thunderbird 91.8 (CVE-2022-28281)
Description
If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash.
Solution(s)
mozilla-thunderbird-upgrade-91_8
Referenceshttps://attackerkb.com/topics/cve-2022-28281CVE - 2022-28281http://www.mozilla.org/security/announce/2022/mfsa2022-15.html