CVE-2022-45414

If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block remote content. An image loaded from the POSTER attribute was shown in the composer window. These issues could have given an attacker additional capabilities when targetting releases that did not yet have a fix for CVE-2022-3033 which was reported around three months ago. This vulnerability affects Thunderbird < 102.5.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
mozillaCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.1 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
mozillathunderbird
𝑥
< 102.5.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
thunderbird
bullseye
1:115.12.0-1~deb11u1
postponed
buster
postponed
bullseye (security)
1:128.4.0esr-1~deb11u1
fixed
bookworm
1:115.12.0-1~deb12u1
fixed
bookworm (security)
1:128.4.0esr-1~deb12u1
fixed
sid
1:128.4.0esr-1
fixed
trixie
1:128.4.0esr-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
thunderbird
lunar
Fixed 1:102.7.1+build2-0ubuntu1
released
kinetic
Fixed 1:102.7.1+build2-0ubuntu0.22.10.1
released
jammy
Fixed 1:102.7.1+build2-0ubuntu0.22.04.1
released
focal
Fixed 1:102.7.1+build2-0ubuntu0.20.04.1
released
bionic
Fixed 1:102.7.1+build2-0ubuntu0.18.04.1
released
xenial
ignored
trusty
ignored
Common Weakness Enumeration
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1788096
https://www.mozilla.org/security/advisories/mfsa2022-50/
https://bugzilla.mozilla.org/show_bug.cgi?id=1788096
https://www.mozilla.org/security/advisories/mfsa2022-50/