CVE-2022-1520

When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message A might be shown with the security status of message B. This vulnerability affects Thunderbird < 91.9.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1745019	Issue Tracking Permissions Required Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-18/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-12-22 20:15

Updated : 2023-08-08 14:22

NVD link : CVE-2022-1520

Mitre link : CVE-2022-1520

CVE.ORG link : CVE-2022-1520

JSON object : View

Products Affected

mozilla

thunderbird

CWE

NVD-CWE-Other

{"id": "CVE-2022-1520", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2022-12-22T20:15:13.217", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1745019", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-18/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message A might be shown with the security status of message B. This vulnerability affects Thunderbird < 91.9."}, {"lang": "es", "value": "Al visualizar un mensaje de correo electr\u00f3nico A, que contiene un mensaje B adjunto, donde B est\u00e1 cifrado o firmado digitalmente o ambos, Thunderbird puede mostrar un estado de cifrado o firma incorrecto. Despu\u00e9s de abrir y ver el mensaje B adjunto, al regresar a la visualizaci\u00f3n del mensaje A, es posible que el mensaje A se muestre con el estado de seguridad del mensaje B. Esta vulnerabilidad afecta a Thunderbird < 91.9."}], "lastModified": "2023-08-08T14:22:24.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C744FA6B-992E-48FC-955D-DDB61185C4A9", "versionEndExcluding": "91.9"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}