[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2022-0157":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":38,"duplicates":39,"related":40,"reserved_at":9,"published_at":53,"modified_at":54,"state":9,"summary":55,"references_raw":57,"kevs":82,"epss":9,"epss_history":83,"metrics":84,"affected":85},"MGASA-2022-0157","Updated thunderbird packages fix security vulnerabilities\n\nThe updated thunderbird packages fix security vulnerabilities:\n\nUse-after-free in NSSToken objects (CVE-2022-1097).\n\nUse-after-free after VR Process destruction (CVE-2022-1196).\n\nOpenPGP revocation information was ignored (CVE-2022-1197).\n\nDenial of Service via complex regular expressions (CVE-2022-24713).\n\nxmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation\nof encoding, such as checks for whether a UTF-8 character is valid in a\ncertain context (CVE-2022-25235).\n\nxmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert\nnamespace-separator characters into namespace URIs (CVE-2022-25236).\n\nIn Expat (aka libexpat) before 2.4.5, there is an integer overflow in\nstoreRawNames (CVE-2022-25315).\n\nOut of bounds write due to unexpected WebAuthN Extensions (CVE-2022-28281).\n\nUse-after-free in DocumentL10n::TranslateDocument (CVE-2022-28282).\n\nIncorrect AliasSet used in JIT Codegen (CVE-2022-28285).\n\niframe contents could be rendered outside the border (CVE-2022-28286).\n\nMemory safety bugs fixed in Thunderbird 91.8 (CVE-2022-28289).\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36],{"_key":15},"CVE-2022-1097",{"_key":17},"CVE-2022-1196",{"_key":19},"CVE-2022-1197",{"_key":21},"CVE-2022-24713",{"_key":23},"CVE-2022-25235",{"_key":25},"CVE-2022-25236",{"_key":27},"CVE-2022-25315",{"_key":29},"CVE-2022-28281",{"_key":31},"CVE-2022-28282",{"_key":33},"CVE-2022-28285",{"_key":35},"CVE-2022-28286",{"_key":37},"CVE-2022-28289",[],[],[41,42,43,44,45,46,47,48,49,50,51,52],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},"2022-04-28T22:46:19Z","2026-04-16T04:23:52.048264Z",{"cisa_kev":56,"cisa_ransomware":56,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[58,64,69,73,78],{"url":59,"sources":60,"tags":62},"https://advisories.mageia.org/MGASA-2022-0157.html",[61],"osv_mageia",[63],"Advisory",{"url":65,"sources":66,"tags":67},"https://bugs.mageia.org/show_bug.cgi?id=30250",[61],[68],"REPORT",{"url":70,"sources":71,"tags":72},"https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/",[61],[68,63],{"url":74,"sources":75,"tags":76},"https://www.thunderbird.net/en-US/thunderbird/91.8.0/releasenotes/",[61],[68,77],"WEB",{"url":79,"sources":80,"tags":81},"https://www.thunderbird.net/en-US/thunderbird/91.8.1/releasenotes/",[61],[68,77],[],[],[],[86,98],{"ecosystem":87,"name":88,"vendor":89,"product":88,"cpe_part":9,"purl_type":90,"purl_namespace":89,"purl_name":88,"source":9,"versions":91},"Mageia","thunderbird","mageia","rpm",[92],{"version":93,"is_range":94,"range_type":95,"version_start":9,"version_start_type":9,"version_end":96,"version_end_type":97,"fixed_in":9},"lt91_8_1_1_1_mga8",true,"ecosystem","91.8.1-1.1.mga8","excluding",{"ecosystem":87,"name":99,"vendor":89,"product":99,"cpe_part":9,"purl_type":90,"purl_namespace":89,"purl_name":99,"source":9,"versions":100},"thunderbird-l10n",[101],{"version":102,"is_range":94,"range_type":95,"version_start":9,"version_start_type":9,"version_end":103,"version_end_type":97,"fixed_in":9},"lt91_8_1_1_mga8","91.8.1-1.mga8"]