A vulnerability exists in the Windows sandbox where an...
High severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Nov 25, 2025
Description
Published by the National Vulnerability Database
Jul 23, 2019
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Nov 25, 2025
A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. Note: this issue only occurs on Windows. Other operating systems are unaffected.. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
References