When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31739)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2062-1 advisory.

 - An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. (CVE-2022-1529)

 - If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1. (CVE-2022-1802)

 - When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown with an arbitrary sender email address chosen by the attacker. If the sender name started with a false email address, followed by many Braille space characters, the attacker's email address was not visible. Because Thunderbird compared the invisible sender address with the signature's email address, if the signing key or certificate was accepted by Thunderbird, the email was shown as having a valid digital signature. This vulnerability affects Thunderbird < 91.10. (CVE-2022-1834)

 - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
 This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31736)

 - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31737)

 - When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31738)

 - When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31739)

 - On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31740)

 - A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31741)

 - An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31742)

 - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
 (CVE-2022-31747)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1921-1 advisory.

 - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
 This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31736)

 - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31737)

 - When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31738)

 - When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31739)

 - On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31740)

 - A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31741)

 - An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31742)

 - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
 (CVE-2022-31747)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1920-1 advisory.

 - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
 This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31736)

 - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31737)

 - When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31738)

 - When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31739)

 - On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31740)

 - A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31741)

 - An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31742)

 - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
 (CVE-2022-31747)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1927-1 advisory.

 - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
 This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31736)

 - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31737)

 - When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31738)

 - When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31739)

 - On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31740)

 - A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31741)

 - An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31742)

 - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
 (CVE-2022-31747)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of mozilla-thunderbird installed on the remote host is prior to 91.10.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-153-01 advisory.

 - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
 (CVE-2022-31747)

 - When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown with an arbitrary sender email address chosen by the attacker. If the sender name started with a false email address, followed by many Braille space characters, the attacker's email address was not visible. Because Thunderbird compared the invisible sender address with the signature's email address, if the signing key or certificate was accepted by Thunderbird, the email was shown as having a valid digital signature. This vulnerability affects Thunderbird < 91.10. (CVE-2022-1834)

 - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
 This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31736)

 - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31737)

 - When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31738)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of mozilla-firefox installed on the remote host is prior to 101.0 / 91.10.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-151-01 advisory.

 - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
 (CVE-2022-31747)

 - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
 This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31736)

 - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31737)

 - When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31738)

 - When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. (CVE-2022-31739)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 101.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-20 advisory.

  - Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing     Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory     corruption and we presume that with enough effort some of these could have been exploited to run arbitrary     code. (CVE-2022-31748)

  - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
    (CVE-2022-31736)

  - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a     potentially exploitable crash. (CVE-2022-31737)

  - When exiting fullscreen mode, an iframe could have confused the browser about the current state of     fullscreen, resulting in potential user confusion or spoofing attacks. (CVE-2022-31738)

  - When downloading files on Windows, the % character was not escaped, which could have lead to a download     incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.
    This bug only affects Firefox for Windows. Other operating systems are unaffected. (CVE-2022-31739)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 101.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-20 advisory.

  - Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing     Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory     corruption and we presume that with enough effort some of these could have been exploited to run arbitrary     code. (CVE-2022-31748)

  - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
    (CVE-2022-31736)

  - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a     potentially exploitable crash. (CVE-2022-31737)

  - When exiting fullscreen mode, an iframe could have confused the browser about the current state of     fullscreen, resulting in potential user confusion or spoofing attacks. (CVE-2022-31738)

  - When downloading files on Windows, the % character was not escaped, which could have lead to a download     incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.
    This bug only affects Firefox for Windows. Other operating systems are unaffected. (CVE-2022-31739)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-22 advisory.

  - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory     safety bugs present in Thunderbird 91.9. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code.
    (CVE-2022-31747)

  - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
    (CVE-2022-31736)

  - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a     potentially exploitable crash. (CVE-2022-31737)

  - When exiting fullscreen mode, an iframe could have confused the browser about the current state of     fullscreen, resulting in potential user confusion or spoofing attacks. (CVE-2022-31738)

  - When downloading files on Windows, the % character was not escaped, which could have lead to a download     incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.
    This bug only affects Thunderbird for Windows. Other operating systems are unaffected. (CVE-2022-31739)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 91.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-22 advisory.

  - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory     safety bugs present in Thunderbird 91.9. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code.
    (CVE-2022-31747)

  - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
    (CVE-2022-31736)

  - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a     potentially exploitable crash. (CVE-2022-31737)

  - When exiting fullscreen mode, an iframe could have confused the browser about the current state of     fullscreen, resulting in potential user confusion or spoofing attacks. (CVE-2022-31738)

  - When downloading files on Windows, the % character was not escaped, which could have lead to a download     incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.
    This bug only affects Thunderbird for Windows. Other operating systems are unaffected. (CVE-2022-31739)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 91.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-21 advisory.

  - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory     safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory     corruption and we presume that with enough effort some of these could have been exploited to run arbitrary     code. (CVE-2022-31747)

  - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
    (CVE-2022-31736)

  - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a     potentially exploitable crash. (CVE-2022-31737)

  - When exiting fullscreen mode, an iframe could have confused the browser about the current state of     fullscreen, resulting in potential user confusion or spoofing attacks. (CVE-2022-31738)

  - When downloading files on Windows, the % character was not escaped, which could have lead to a download     incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.
    This bug only affects Firefox for Windows. Other operating systems are unaffected. (CVE-2022-31739)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 91.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-21 advisory.

  - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory     safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory     corruption and we presume that with enough effort some of these could have been exploited to run arbitrary     code. (CVE-2022-31747)

  - A malicious website could have learned the size of a cross-origin resource that supported Range requests.
    (CVE-2022-31736)

  - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a     potentially exploitable crash. (CVE-2022-31737)

  - When exiting fullscreen mode, an iframe could have confused the browser about the current state of     fullscreen, resulting in potential user confusion or spoofing attacks. (CVE-2022-31738)

  - When downloading files on Windows, the % character was not escaped, which could have lead to a download     incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.
    This bug only affects Firefox for Windows. Other operating systems are unaffected. (CVE-2022-31739)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
246619	Linux Distros Unpatched Vulnerability : CVE-2022-31739	Nessus	Misc.	high
162207	SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2022:2062-1)	Nessus	SuSE Local Security Checks	critical
161831	SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2022:1921-1)	Nessus	SuSE Local Security Checks	critical
161828	SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:1920-1)	Nessus	SuSE Local Security Checks	critical
161822	SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:1927-1)	Nessus	SuSE Local Security Checks	critical
161793	Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2022-153-01)	Nessus	Slackware Local Security Checks	critical
161748	Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2022-151-01)	Nessus	Slackware Local Security Checks	critical
161716	Mozilla Firefox < 101.0	Nessus	Windows	critical
161715	Mozilla Firefox < 101.0	Nessus	MacOS X Local Security Checks	critical
161714	Mozilla Thunderbird < 91.10	Nessus	MacOS X Local Security Checks	critical
161713	Mozilla Thunderbird < 91.10	Nessus	Windows	critical
161712	Mozilla Firefox ESR < 91.10	Nessus	Windows	critical
161711	Mozilla Firefox ESR < 91.10	Nessus	MacOS X Local Security Checks	critical

Detections

Analytics

CVE-2022-31739

high

Tenable Plugins

high

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical