In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop
. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.
Insufficient vetting of parameters passed with the Prompt:Open
IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer.