Vulnerability-Lookup

CVE-2022-3034 (GCVE-0-2022-3034)

Vulnerability from cvelistv5 – Published: 2022-12-22 00:00 – Updated: 2025-04-15 16:00

Summary

When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE

An iframe element in an HTML email could trigger a network request

Assigner

mozilla

References

3 references

URL	Tags
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://bugzilla.mozilla.org/show_bug.cgi?id=1745751

Impacted products

1 product

Vendor	Product	Version
Mozilla	Thunderbird	Affected: unspecified , < 102.2.1 (custom) Affected: unspecified , < 91.13.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:00:10.217Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-38/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-39/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745751"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-3034",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-15T15:59:36.253165Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1021",
                "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T16:00:05.338Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "102.2.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "91.13.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When receiving an HTML email that specified to load an \u003ccode\u003eiframe\u003c/code\u003e element from a remote location, a request to the remote document was sent. However, Thunderbird didn\u0027t display the document. This vulnerability affects Thunderbird \u003c 102.2.1 and Thunderbird \u003c 91.13.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An iframe element in an HTML email could trigger a network request",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-22T00:00:00.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2022-38/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2022-39/"
        },
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745751"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2022-3034",
    "datePublished": "2022-12-22T00:00:00.000Z",
    "dateReserved": "2022-08-29T00:00:00.000Z",
    "dateUpdated": "2025-04-15T16:00:05.338Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-3034",
      "date": "2026-05-20",
      "epss": "0.00213",
      "percentile": "0.43676"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"91.31.1\", \"matchCriteriaId\": \"BFA72B75-E08B-4265-B9F5-1F4C940D0D24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"102.0\", \"versionEndExcluding\": \"102.2.1\", \"matchCriteriaId\": \"576EEF40-52A5-4876-843C-2648CBA74475\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"When receiving an HTML email that specified to load an \u003ccode\u003eiframe\u003c/code\u003e element from a remote location, a request to the remote document was sent. However, Thunderbird didn\u0027t display the document. This vulnerability affects Thunderbird \u003c 102.2.1 and Thunderbird \u003c 91.13.1.\"}, {\"lang\": \"es\", \"value\": \"Al recibir un correo electr\\u00f3nico HTML que especificaba cargar un elemento \u003ccode\u003eiframe\u003c/code\u003e desde una ubicaci\\u00f3n remota, se envi\\u00f3 una solicitud al documento remoto. Sin embargo, Thunderbird no mostr\\u00f3 el documento. Esta vulnerabilidad afecta a Thunderbird \u0026lt; 102.2.1 y Thunderbird \u0026lt; 91.13.1.\"}]",
      "id": "CVE-2022-3034",
      "lastModified": "2024-11-21T07:18:40.767",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}]}",
      "published": "2022-12-22T20:15:38.133",
      "references": "[{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1745751\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\", \"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-38/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-39/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1745751\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-38/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-39/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@mozilla.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1021\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-3034\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2022-12-22T20:15:38.133\",\"lastModified\":\"2025-04-15T16:15:18.717\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When receiving an HTML email that specified to load an \u003ccode\u003eiframe\u003c/code\u003e element from a remote location, a request to the remote document was sent. However, Thunderbird didn\u0027t display the document. This vulnerability affects Thunderbird \u003c 102.2.1 and Thunderbird \u003c 91.13.1.\"},{\"lang\":\"es\",\"value\":\"Al recibir un correo electr\u00f3nico HTML que especificaba cargar un elemento \u003ccode\u003eiframe\u003c/code\u003e desde una ubicaci\u00f3n remota, se envi\u00f3 una solicitud al documento remoto. Sin embargo, Thunderbird no mostr\u00f3 el documento. Esta vulnerabilidad afecta a Thunderbird \u0026lt; 102.2.1 y Thunderbird \u0026lt; 91.13.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1021\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1021\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"91.31.1\",\"matchCriteriaId\":\"BFA72B75-E08B-4265-B9F5-1F4C940D0D24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"102.0\",\"versionEndExcluding\":\"102.2.1\",\"matchCriteriaId\":\"576EEF40-52A5-4876-843C-2648CBA74475\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1745751\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2022-38/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2022-39/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1745751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2022-38/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2022-39/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-38/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-39/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1745751\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T01:00:10.217Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-3034\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-15T15:59:36.253165Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1021\", \"description\": \"CWE-1021 Improper Restriction of Rendered UI Layers or Frames\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-15T15:59:58.122Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Mozilla\", \"product\": \"Thunderbird\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"102.2.1\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"91.13.1\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-38/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-39/\"}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1745751\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"When receiving an HTML email that specified to load an \u003ccode\u003eiframe\u003c/code\u003e element from a remote location, a request to the remote document was sent. However, Thunderbird didn\u0027t display the document. This vulnerability affects Thunderbird \u003c 102.2.1 and Thunderbird \u003c 91.13.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"An iframe element in an HTML email could trigger a network request\"}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2022-12-22T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-3034\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-15T16:00:05.338Z\", \"dateReserved\": \"2022-08-29T00:00:00.000Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2022-12-22T00:00:00.000Z\", \"assignerShortName\": \"mozilla\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2022-AVI-786

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Mozilla Thunderbird versions antérieures à 102.2.1

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2022-38 du 31 août 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mozilla Thunderbird versions ant\u00e9rieures \u00e0 102.2.1",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-3034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3034"
    },
    {
      "name": "CVE-2022-3033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3033"
    },
    {
      "name": "CVE-2022-3032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3032"
    },
    {
      "name": "CVE-2022-36059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36059"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-786",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-09-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0 distance et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2022-38 du 31 ao\u00fbt 2022",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/"
    }
  ]
}

CERTFR-2022-AVI-835

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Mozilla Thunderbird versions antérieures à 91.13.1

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2022-39 du 19 septembre 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mozilla Thunderbird versions ant\u00e9rieures \u00e0 91.13.1",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-3034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3034"
    },
    {
      "name": "CVE-2022-3033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3033"
    },
    {
      "name": "CVE-2022-3032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3032"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-835",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-09-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2022-39 du 19 septembre 2022",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-39/"
    }
  ]
}

CERTFR-2022-AVI-786

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Mozilla Thunderbird versions antérieures à 102.2.1

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2022-38 du 31 août 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mozilla Thunderbird versions ant\u00e9rieures \u00e0 102.2.1",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-3034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3034"
    },
    {
      "name": "CVE-2022-3033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3033"
    },
    {
      "name": "CVE-2022-3032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3032"
    },
    {
      "name": "CVE-2022-36059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36059"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-786",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-09-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0 distance et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2022-38 du 31 ao\u00fbt 2022",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/"
    }
  ]
}

CERTFR-2022-AVI-835

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Mozilla Thunderbird versions antérieures à 91.13.1

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2022-39 du 19 septembre 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mozilla Thunderbird versions ant\u00e9rieures \u00e0 91.13.1",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-3034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3034"
    },
    {
      "name": "CVE-2022-3033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3033"
    },
    {
      "name": "CVE-2022-3032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3032"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-835",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-09-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2022-39 du 19 septembre 2022",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-39/"
    }
  ]
}

alsa-2022:6708

Vulnerability from osv_almalinux

Published

2022-09-26 00:00

Modified

2022-10-14 15:08

Summary

Important: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.3.0.

Security Fix(es):

Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag (CVE-2022-3033)
Mozilla: Bypassing FeaturePolicy restrictions on transient pages (CVE-2022-40959)
Mozilla: Data-race when parsing non-UTF-8 URLs in threads (CVE-2022-40960)
Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3 (CVE-2022-40962)
Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked (CVE-2022-3032)
Mozilla: An iframe element in an HTML email could trigger a network request (CVE-2022-3034)
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack (CVE-2022-36059)
Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix (CVE-2022-40958)
Mozilla: Content-Security-Policy base-uri bypass (CVE-2022-40956)
Mozilla: Incoherent instruction cache when building WASM on ARM64 (CVE-2022-40957)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2022:6708	ADVISORY
	https://access.redhat.com/security/cve/CVE-2022-3032	REPORT
	https://access.redhat.com/security/cve/CVE-2022-3033	REPORT
	https://access.redhat.com/security/cve/CVE-2022-3034	REPORT
	https://access.redhat.com/security/cve/CVE-2022-36059	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40956	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40957	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40958	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40959	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40960	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40962	REPORT
	https://bugzilla.redhat.com/2123255	REPORT
	https://bugzilla.redhat.com/2123256	REPORT
	https://bugzilla.redhat.com/2123257	REPORT
	https://bugzilla.redhat.com/2123258	REPORT
	https://bugzilla.redhat.com/2128792	REPORT
	https://bugzilla.redhat.com/2128793	REPORT
	https://bugzilla.redhat.com/2128794	REPORT
	https://bugzilla.redhat.com/2128795	REPORT
	https://bugzilla.redhat.com/2128796	REPORT
	https://bugzilla.redhat.com/2128797	REPORT
	https://errata.almalinux.org/8/ALSA-2022-6708.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "102.3.0-3.el8_6.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.3.0.\n\nSecurity Fix(es):\n\n* Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag (CVE-2022-3033)\n* Mozilla: Bypassing FeaturePolicy restrictions on transient pages (CVE-2022-40959)\n* Mozilla: Data-race when parsing non-UTF-8 URLs in threads (CVE-2022-40960)\n* Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3 (CVE-2022-40962)\n* Mozilla: Remote content specified in an HTML document that was nested inside an iframe\u0027s srcdoc attribute was not blocked (CVE-2022-3032)\n* Mozilla: An iframe element in an HTML email could trigger a network request (CVE-2022-3034)\n* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack (CVE-2022-36059)\n* Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix (CVE-2022-40958)\n* Mozilla: Content-Security-Policy base-uri bypass (CVE-2022-40956)\n* Mozilla: Incoherent instruction cache when building WASM on ARM64 (CVE-2022-40957)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2022:6708",
  "modified": "2022-10-14T15:08:36Z",
  "published": "2022-09-26T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2022:6708"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3032"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3033"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3034"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-36059"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40956"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40957"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40958"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40959"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40960"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40962"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2123255"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2123256"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2123257"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2123258"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128792"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128793"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128794"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128795"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128796"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128797"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2022-6708.html"
    }
  ],
  "related": [
    "CVE-2022-3033",
    "CVE-2022-40959",
    "CVE-2022-40960",
    "CVE-2022-40962",
    "CVE-2022-3032",
    "CVE-2022-3034",
    "CVE-2022-36059",
    "CVE-2022-40958",
    "CVE-2022-40956",
    "CVE-2022-40957"
  ],
  "summary": "Important: thunderbird security update"
}

alsa-2022:6717

Vulnerability from osv_almalinux

Published

2022-09-26 00:00

Modified

2022-10-19 07:24

Summary

Important: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.3.0.

Security Fix(es):

Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag (CVE-2022-3033)
Mozilla: Bypassing FeaturePolicy restrictions on transient pages (CVE-2022-40959)
Mozilla: Data-race when parsing non-UTF-8 URLs in threads (CVE-2022-40960)
Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3 (CVE-2022-40962)
Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked (CVE-2022-3032)
Mozilla: An iframe element in an HTML email could trigger a network request (CVE-2022-3034)
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack (CVE-2022-36059)
Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix (CVE-2022-40958)
Mozilla: Content-Security-Policy base-uri bypass (CVE-2022-40956)
Mozilla: Incoherent instruction cache when building WASM on ARM64 (CVE-2022-40957)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2022:6717	ADVISORY
	https://access.redhat.com/security/cve/CVE-2022-3032	REPORT
	https://access.redhat.com/security/cve/CVE-2022-3033	REPORT
	https://access.redhat.com/security/cve/CVE-2022-3034	REPORT
	https://access.redhat.com/security/cve/CVE-2022-36059	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40956	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40957	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40958	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40959	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40960	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40962	REPORT
	https://bugzilla.redhat.com/2123255	REPORT
	https://bugzilla.redhat.com/2123256	REPORT
	https://bugzilla.redhat.com/2123257	REPORT
	https://bugzilla.redhat.com/2123258	REPORT
	https://bugzilla.redhat.com/2128792	REPORT
	https://bugzilla.redhat.com/2128793	REPORT
	https://bugzilla.redhat.com/2128794	REPORT
	https://bugzilla.redhat.com/2128795	REPORT
	https://bugzilla.redhat.com/2128796	REPORT
	https://bugzilla.redhat.com/2128797	REPORT
	https://errata.almalinux.org/9/ALSA-2022-6717.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "102.3.0-3.el9_0.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.3.0.\n\nSecurity Fix(es):\n\n* Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag (CVE-2022-3033)\n* Mozilla: Bypassing FeaturePolicy restrictions on transient pages (CVE-2022-40959)\n* Mozilla: Data-race when parsing non-UTF-8 URLs in threads (CVE-2022-40960)\n* Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3 (CVE-2022-40962)\n* Mozilla: Remote content specified in an HTML document that was nested inside an iframe\u0027s srcdoc attribute was not blocked (CVE-2022-3032)\n* Mozilla: An iframe element in an HTML email could trigger a network request (CVE-2022-3034)\n* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack (CVE-2022-36059)\n* Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix (CVE-2022-40958)\n* Mozilla: Content-Security-Policy base-uri bypass (CVE-2022-40956)\n* Mozilla: Incoherent instruction cache when building WASM on ARM64 (CVE-2022-40957)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2022:6717",
  "modified": "2022-10-19T07:24:33Z",
  "published": "2022-09-26T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2022:6717"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3032"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3033"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3034"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-36059"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40956"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40957"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40958"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40959"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40960"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40962"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2123255"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2123256"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2123257"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2123258"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128792"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128793"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128794"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128795"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128796"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128797"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2022-6717.html"
    }
  ],
  "related": [
    "CVE-2022-3033",
    "CVE-2022-40959",
    "CVE-2022-40960",
    "CVE-2022-40962",
    "CVE-2022-3032",
    "CVE-2022-3034",
    "CVE-2022-36059",
    "CVE-2022-40958",
    "CVE-2022-40956",
    "CVE-2022-40957"
  ],
  "summary": "Important: thunderbird security update"
}

BDU:2022-05479

Vulnerability from fstec - Published: 31.08.2022

Title

Уязвимость изолированной среды iframe почтового клиента Thunderbird, позволяющая нарушителю обойти существующие ограничения безопасности

Description

Уязвимость изолированной среды iframe почтового клиента Thunderbird связана с ошибками при обработке входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, обойти существующие ограничения безопасности с помощью отправки специально сформированного электронного письма

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

ООО «РусБИТех-Астра», ООО «Ред Софт», ФССП России, АО «ИВК», Mozilla Corp., АО "НППКТ"

Software Name

Astra Linux Special Edition (запись в едином реестре российских программ №369), РЕД ОС (запись в едином реестре российских программ №3751), ОС ТД АИС ФССП России, Альт 8 СП (запись в едином реестре российских программ №4305), Thunderbird, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

1.6 «Смоленск» (Astra Linux Special Edition), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), ИК6 (ОС ТД АИС ФССП России), - (Альт 8 СП), до 102.2.1 (Thunderbird), 4.7 (Astra Linux Special Edition), до 2.6 (ОСОН ОСнова Оnyx)

Possible Mitigations

Установка обновлений из доверенных источников. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков. Компенсирующие меры: - использование средств антивирусной защиты с функцией контроля доступа к веб-ресурсам; - контролируемый доступ в сеть Интернет – регламентация разрешенных сетевых ресурсов и соединений; - запуск приложений от имени пользователя с минимальными возможными привилегиями в операционной системе; - применение систем обнаружения и предотвращения вторжений. Использование рекомендаций производителя: https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-3034 Для ОС ТД АИС ФССП России: https://goslinux.fssp.gov.ru/2726972/ Для Ред ОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для ОСОН ОСнова Оnyx: Обновление программного обеспечения thunderbird до версии 1:102.4.0+repack-1~deb10u1.osnova1 Для ОС Astra Linux: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16 Для ОС Astra Linux Special Edition 1.7: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1221SE17MD Для ОС Astra Linux Special Edition 4.7 для архитектуры ARM: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0131SE47MD Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства

Reference

https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-3034 https://goslinux.fssp.gov.ru/2726972/ http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.6/ https://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1221SE17MD https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0131SE47MD https://altsp.su/obnovleniya-bezopasnosti/

CWE

CWE-79

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Mozilla Corp., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), \u0418\u041a6 (\u041e\u0421 \u0422\u0414 \u0410\u0418\u0421 \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 102.2.1 (Thunderbird), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.6 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b \u0441 \u0444\u0443\u043d\u043a\u0446\u0438\u0435\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0432\u0435\u0431-\u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c;\n- \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u0432 \u0441\u0435\u0442\u044c \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u2013 \u0440\u0435\u0433\u043b\u0430\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u044f \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u0438 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439;\n- \u0437\u0430\u043f\u0443\u0441\u043a \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0441 \u043c\u0438\u043d\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0432 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435;\n- \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-3034\n\n\u0414\u043b\u044f \u041e\u0421 \u0422\u0414 \u0410\u0418\u0421 \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438:\nhttps://goslinux.fssp.gov.ru/2726972/\n\n\u0414\u043b\u044f \u0420\u0435\u0434 \u041e\u0421:\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f thunderbird \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:102.4.0+repack-1~deb10u1.osnova1\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 1.7:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1221SE17MD\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0131SE47MD\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "31.08.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "17.03.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "02.09.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-05479",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-3034",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u0421 \u0422\u0414 \u0410\u0418\u0421 \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Thunderbird, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438 \u041e\u0421 \u0422\u0414 \u0410\u0418\u0421 \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438 \u0418\u041a6 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.6  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u044b iframe \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u044b iframe \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u0431\u043e\u0439\u0442\u0438 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0433\u043e \u043f\u0438\u0441\u044c\u043c\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-3034\nhttps://goslinux.fssp.gov.ru/2726972/\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.6/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1221SE17MD\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0131SE47MD\nhttps://altsp.su/obnovleniya-bezopasnosti/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

FKIE_CVE-2022-3034

Vulnerability from fkie_nvd - Published: 2022-12-22 20:15 - Updated: 2025-04-15 16:15

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

References

URL	Tags
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1745751	Issue Tracking, Permissions Required, Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2022-38/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2022-39/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1745751	Issue Tracking, Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2022-38/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2022-39/	Vendor Advisory

Impacted products

	Vendor	Product	Version
	mozilla	thunderbird	*
	mozilla	thunderbird	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFA72B75-E08B-4265-B9F5-1F4C940D0D24",
              "versionEndExcluding": "91.31.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "576EEF40-52A5-4876-843C-2648CBA74475",
              "versionEndExcluding": "102.2.1",
              "versionStartIncluding": "102.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When receiving an HTML email that specified to load an \u003ccode\u003eiframe\u003c/code\u003e element from a remote location, a request to the remote document was sent. However, Thunderbird didn\u0027t display the document. This vulnerability affects Thunderbird \u003c 102.2.1 and Thunderbird \u003c 91.13.1."
    },
    {
      "lang": "es",
      "value": "Al recibir un correo electr\u00f3nico HTML que especificaba cargar un elemento \u003ccode\u003eiframe\u003c/code\u003e desde una ubicaci\u00f3n remota, se envi\u00f3 una solicitud al documento remoto. Sin embargo, Thunderbird no mostr\u00f3 el documento. Esta vulnerabilidad afecta a Thunderbird \u0026lt; 102.2.1 y Thunderbird \u0026lt; 91.13.1."
    }
  ],
  "id": "CVE-2022-3034",
  "lastModified": "2025-04-15T16:15:18.717",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-22T20:15:38.133",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745751"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-38/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-39/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745751"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-38/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-39/"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1021"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1021"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-WRFX-QXXC-92RJ

Vulnerability from github – Published: 2022-12-22 21:30 – Updated: 2025-04-15 18:31

Details

When receiving an HTML email that specified to load an iframe element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.

Severity ?

4.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-3034"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1021"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-22T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "When receiving an HTML email that specified to load an \u003ccode\u003eiframe\u003c/code\u003e element from a remote location, a request to the remote document was sent. However, Thunderbird didn\u0027t display the document. This vulnerability affects Thunderbird \u003c 102.2.1 and Thunderbird \u003c 91.13.1.",
  "id": "GHSA-wrfx-qxxc-92rj",
  "modified": "2025-04-15T18:31:34Z",
  "published": "2022-12-22T21:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3034"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745751"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-38"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-39"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2022-3034

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-3034

Aliases

CVE-2022-3034

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-3034",
    "id": "GSD-2022-3034",
    "references": [
      "https://access.redhat.com/errata/RHSA-2022:6708",
      "https://access.redhat.com/errata/RHSA-2022:6710",
      "https://access.redhat.com/errata/RHSA-2022:6713",
      "https://access.redhat.com/errata/RHSA-2022:6715",
      "https://access.redhat.com/errata/RHSA-2022:6716",
      "https://access.redhat.com/errata/RHSA-2022:6717",
      "https://ubuntu.com/security/CVE-2022-3034"
    ]
  },
  "gsd": {
    "affected": [
      {
        "package": {
          "ecosystem": "Mozilla",
          "name": "Thunderbird"
        },
        "ranges": [
          {
            "events": [
              {
                "fixed": "91.13.1"
              },
              {
                "introduced": "0"
              },
              {
                "fixed": "102.2.1"
              },
              {
                "introduced": "0"
              }
            ],
            "type": "SEMVER"
          }
        ],
        "version": []
      }
    ],
    "alias": [
      "CVE-2022-3034"
    ],
    "database_specific": {
      "GSD": {
        "alias": "CVE-2022-3034",
        "id": "GSD-2022-3034",
        "references": [
          "https://www.suse.com/security/cve/CVE-2022-3034.html"
        ]
      }
    },
    "details": "When receiving an HTML email that specified to load an \u003ccode\u003eiframe\u003c/code\u003e element from a remote location, a request to the remote document was sent. However, Thunderbird didn\u0027t display the document. This vulnerability affects Thunderbird \u003c 91.13.1 and Thunderbird \u003c 102.2.1.",
    "id": "GSD-2022-3034",
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "modified": "2022-09-27T16:35:18.097826Z",
    "osvSchema": {
      "aliases": [
        "CVE-2022-3034"
      ],
      "details": "When receiving an HTML email that specified to load an \u003ccode\u003eiframe\u003c/code\u003e element from a remote location, a request to the remote document was sent. However, Thunderbird didn\u0027t display the document. This vulnerability affects Thunderbird \u003c 102.2.1 and Thunderbird \u003c 91.13.1.",
      "id": "GSD-2022-3034",
      "modified": "2023-12-13T01:19:39.960081Z",
      "schema_version": "1.4.0"
    },
    "references": [
      {
        "type": "ADVISORY",
        "url": "https://www.mozilla.org/security/advisories/mfsa2022-39/"
      },
      {
        "type": "ADVISORY",
        "url": "https://www.mozilla.org/security/advisories/mfsa2022-38/"
      },
      {
        "type": "ADVISORY",
        "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745751"
      },
      {
        "type": "ADVISORY",
        "url": "https://www.suse.com/security/cve/CVE-2022-3034.html"
      }
    ],
    "schema_version": "1.3.0",
    "summary": "When receiving an HTML email that specified to load an \u003ccode\u003eiframe\u003c/code\u003e element from a remote location, a request to the remote document was sent. However, Thunderbird didn\u0027t display the document. This vulnerability affects Thunderbird \u003c 91.13.1 and Thunderbird \u003c 102.2.1."
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2022-3034",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Thunderbird",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "102.2.1"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "91.13.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "When receiving an HTML email that specified to load an \u003ccode\u003eiframe\u003c/code\u003e element from a remote location, a request to the remote document was sent. However, Thunderbird didn\u0027t display the document. This vulnerability affects Thunderbird \u003c 102.2.1 and Thunderbird \u003c 91.13.1."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "An iframe element in an HTML email could trigger a network request"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2022-38/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-38/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2022-39/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-39/"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745751",
            "refsource": "MISC",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745751"
          }
        ]
      }
    },
    "mozilla.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2022-3034"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Thunderbird",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "91.13.1"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "102.2.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "When receiving an HTML email that specified to load an \u003ccode\u003eiframe\u003c/code\u003e element from a remote location, a request to the remote document was sent. However, Thunderbird didn\u0027t display the document. This vulnerability affects Thunderbird \u003c 91.13.1 and Thunderbird \u003c 102.2.1."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "An iframe element in an HTML email could trigger a network request"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-39/"
          },
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-38/"
          },
          {
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745751"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "102.2.1",
                "versionStartIncluding": "102.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "91.31.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2022-3034"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "When receiving an HTML email that specified to load an \u003ccode\u003eiframe\u003c/code\u003e element from a remote location, a request to the remote document was sent. However, Thunderbird didn\u0027t display the document. This vulnerability affects Thunderbird \u003c 102.2.1 and Thunderbird \u003c 91.13.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-1021"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745751",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Permissions Required",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745751"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2022-39/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2022-39/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2022-38/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2022-38/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2022-12-30T22:14Z",
      "publishedDate": "2022-12-22T20:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-3034 (GCVE-0-2022-3034)

Solution

Solution

Solution

Solution

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature