SB2022090140 - Multiple vulnerabilities in Mozilla Thunderbird

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022090140

SB2022090140 - Multiple vulnerabilities in Mozilla Thunderbird

Published: September 1, 2022 Updated: October 20, 2022

Security Bulletin ID SB2022090140
Severity
Medium
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2022-3033)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way Thunderbird handles the meta tag having the http-equiv="refresh" attribute in email messages when the user replies to an email. A remote attacker can send a specially crafted email to the victim and force the application to initiate requests to an external URL regardless of the configuration to block remote content.

Combined with other HTML elements and attributes in the email, it is possible to execute arbitrary JavaScript code included into the malicious message in the context of the message compose document and read or modify the contents of the message compose document, including the quoted original message, which could potentially contain the decrypted plaintext of encrypted data in the crafted email.



2) Security features bypass (CVE-ID: CVE-2022-3032)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists doe to incorrect processing of HTML emails with an iframe</code> element that uses a <code>srcdoc attribute to define the inner HTML document. A remote attacker can trick the victim to open a specially crafted email message and bypass blocking of remote objects specified in the nested document, for example images or videos.


3) Security features bypass (CVE-ID: CVE-2022-3034)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to iframe elements in an HTML email force the application to initiate network requests. A remote attacker can use an iframe to confirm that the email was read by the victim and obtain victim's IP address.


4) Input validation error (CVE-ID: CVE-2022-36059)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Matrix SDK. A remote attacker sharing a room with a victim can hide some of the rooms or spaces from users and cause minor temporary corruption.


Remediation

Install update from vendor's website.

References