CVE-2022-45414

22.12.2022, 20:15

If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block remote content. An image loaded from the POSTER attribute was shown in the composer window. These issues could have given an attacker additional capabilities when targetting releases that did not yet have a fix for CVE-2022-3033 which was reported around three months ago. This vulnerability affects Thunderbird < 102.5.1.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.1 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 51%

Affected Products (NVD)

Vendor	Product	Version
mozilla	thunderbird	𝑥 < 102.5.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

thunderbird

bookworm	1:115.12.0-1~deb12u1 fixed
bookworm (security)	1:128.4.0esr-1~deb12u1 fixed
bullseye	1:115.12.0-1~deb11u1 postponed
bullseye (security)	1:128.4.0esr-1~deb11u1 fixed
buster	postponed
sid	1:128.4.0esr-1 fixed
trixie	1:128.4.0esr-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

thunderbird

bionic	Fixed 1:102.7.1+build2-0ubuntu0.18.04.1 released
focal	Fixed 1:102.7.1+build2-0ubuntu0.20.04.1 released
jammy	Fixed 1:102.7.1+build2-0ubuntu0.22.04.1 released
kinetic	Fixed 1:102.7.1+build2-0ubuntu0.22.10.1 released
lunar	Fixed 1:102.7.1+build2-0ubuntu1 released
trusty	ignored
xenial	ignored

openSUSE / SLES Releases

openSUSE Product

Release

MozillaThunderbird

suse enterprise desktop 15 SP3	102.5.1-150200.8.93.1 fixed
suse enterprise desktop 15 SP4	102.5.1-150200.8.93.1 fixed
suse enterprise desktop 15 SP5	102.5.1-150200.8.93.1 fixed
suse enterprise desktop 15 SP6	102.5.1-150200.8.93.1 fixed
suse enterprise desktop 15 SP7	102.5.1-150200.8.93.1 fixed
suse enterprise sap 15 SP3	102.5.1-150200.8.93.1 fixed
suse enterprise sap 15 SP4	102.5.1-150200.8.93.1 fixed
suse enterprise sap 15 SP5	102.5.1-150200.8.93.1 fixed
suse enterprise sap 15 SP6	102.5.1-150200.8.93.1 fixed
suse enterprise sap 15 SP7	102.5.1-150200.8.93.1 fixed
suse enterprise server 15 SP3	102.5.1-150200.8.93.1 fixed
suse enterprise server 15 SP4	102.5.1-150200.8.93.1 fixed
suse enterprise server 15 SP5	102.5.1-150200.8.93.1 fixed
suse enterprise server 15 SP6	102.5.1-150200.8.93.1 fixed
suse enterprise server 15 SP7	102.5.1-150200.8.93.1 fixed
suse enterprise workstation 15 SP3	102.5.1-150200.8.93.1 fixed
suse enterprise workstation 15 SP4	102.5.1-150200.8.93.1 fixed
suse enterprise workstation 15 SP5	102.5.1-150200.8.93.1 fixed
suse enterprise workstation 15 SP6	102.5.1-150200.8.93.1 fixed
suse enterprise workstation 15 SP7	102.5.1-150200.8.93.1 fixed

MozillaThunderbird-translations-common

suse enterprise desktop 15 SP3	102.5.1-150200.8.93.1 fixed
suse enterprise desktop 15 SP4	102.5.1-150200.8.93.1 fixed
suse enterprise desktop 15 SP5	102.5.1-150200.8.93.1 fixed
suse enterprise desktop 15 SP6	102.5.1-150200.8.93.1 fixed
suse enterprise desktop 15 SP7	102.5.1-150200.8.93.1 fixed
suse enterprise sap 15 SP3	102.5.1-150200.8.93.1 fixed
suse enterprise sap 15 SP4	102.5.1-150200.8.93.1 fixed
suse enterprise sap 15 SP5	102.5.1-150200.8.93.1 fixed
suse enterprise sap 15 SP6	102.5.1-150200.8.93.1 fixed
suse enterprise sap 15 SP7	102.5.1-150200.8.93.1 fixed
suse enterprise server 15 SP3	102.5.1-150200.8.93.1 fixed
suse enterprise server 15 SP4	102.5.1-150200.8.93.1 fixed
suse enterprise server 15 SP5	102.5.1-150200.8.93.1 fixed
suse enterprise server 15 SP6	102.5.1-150200.8.93.1 fixed
suse enterprise server 15 SP7	102.5.1-150200.8.93.1 fixed
suse enterprise workstation 15 SP3	102.5.1-150200.8.93.1 fixed
suse enterprise workstation 15 SP4	102.5.1-150200.8.93.1 fixed
suse enterprise workstation 15 SP5	102.5.1-150200.8.93.1 fixed
suse enterprise workstation 15 SP6	102.5.1-150200.8.93.1 fixed
suse enterprise workstation 15 SP7	102.5.1-150200.8.93.1 fixed

MozillaThunderbird-translations-other

suse enterprise desktop 15 SP3	102.5.1-150200.8.93.1 fixed
suse enterprise desktop 15 SP4	102.5.1-150200.8.93.1 fixed
suse enterprise desktop 15 SP5	102.5.1-150200.8.93.1 fixed
suse enterprise desktop 15 SP6	102.5.1-150200.8.93.1 fixed
suse enterprise desktop 15 SP7	102.5.1-150200.8.93.1 fixed
suse enterprise sap 15 SP3	102.5.1-150200.8.93.1 fixed
suse enterprise sap 15 SP4	102.5.1-150200.8.93.1 fixed
suse enterprise sap 15 SP5	102.5.1-150200.8.93.1 fixed
suse enterprise sap 15 SP6	102.5.1-150200.8.93.1 fixed
suse enterprise sap 15 SP7	102.5.1-150200.8.93.1 fixed
suse enterprise server 15 SP3	102.5.1-150200.8.93.1 fixed
suse enterprise server 15 SP4	102.5.1-150200.8.93.1 fixed
suse enterprise server 15 SP5	102.5.1-150200.8.93.1 fixed
suse enterprise server 15 SP6	102.5.1-150200.8.93.1 fixed
suse enterprise server 15 SP7	102.5.1-150200.8.93.1 fixed
suse enterprise workstation 15 SP3	102.5.1-150200.8.93.1 fixed
suse enterprise workstation 15 SP4	102.5.1-150200.8.93.1 fixed
suse enterprise workstation 15 SP5	102.5.1-150200.8.93.1 fixed
suse enterprise workstation 15 SP6	102.5.1-150200.8.93.1 fixed
suse enterprise workstation 15 SP7	102.5.1-150200.8.93.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

thunderbird

RHEL 7	0:102.6.0-2.el7_9 fixed
RHEL 9	0:102.6.0-2.el9_1 fixed

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1788096

https://www.mozilla.org/security/advisories/mfsa2022-50/

https://bugzilla.mozilla.org/show_bug.cgi?id=1788096

https://www.mozilla.org/security/advisories/mfsa2022-50/