QID 353262

a flaw was found in thunderbird.
The vulnerability occurs due to an out-of-bounds write of one byte when processing the message.
This flaw allows an attacker to craft an email message that causes thunderbird to perform an out-of-bounds write. (
( CVE-2022-0566) a flaw was found in expat.
Passing malformed 2- and 3-byte utf-8 sequences (for example, from start tag names) to the xml processing application on top of expat can lead to arbitrary code execution.
This issue is dependent on how invalid utf-8 is handled inside the xml processor. (
( CVE-2022-25235) a flaw was found in expat.
Passing one or more namespace separator characters in the "xmlns[:prefix]" attribute values made expat send malformed tag names to the xml processor on top of expat.
This issue causes arbitrary code execution depending on how unexpected cases are handled inside the xml processor. (
( CVE-2022-25236) an integer overflow was found in expat.
The issue occurs in storerawnames() by abusing the m_buffer expansion logic to allow allocations very close to int_max and out-of-bounds heap writes.
This flaw can cause a denial of service or potentially arbitrary code execution. (
( CVE-2022-25315) the mozilla foundation security advisory describes this flaw as: an attacker could have caused a use-after-free by forcing a text reflow in an svg object leading to a potentially exploitable crash. (
( CVE-2022-26381) the mozilla foundation security advisory describes this flaw as when resizing a popup after requesting fullscreen access

Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.