PT-2022-25412 · Mozilla+5 · Thunderbird+5

Published 2022-08-02 · Updated 2026-04-17 · CVE-2022-4055

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

xdg-mail (affected versions not specified)

Description

The issue arises when xdg-mail is configured to use thunderbird for mailto URLs, leading to improper parsing of the URL. This can result in additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can exploit this by creating a mailto URL that appears safe but will actually attach files when clicked.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
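
One way a mailto handler or wrapper script can enforce the RFC 2368 restriction from the description before a URL reaches the mail client, shown as an added example (not code from xdg-utils or Thunderbird). The function names, the sample URLs and the `attach` field name are constructed for illustration; the allowlist follows RFC 2368 section 4, which names Subject, Keywords and Body as the safe headers.

```python
from urllib.parse import urlsplit, unquote

# Allowlist per RFC 2368 section 4 ("Unsafe headers"). "to" is handled
# separately because the RFC treats it as equivalent to the address part.
SAFE_HFIELDS = {"subject", "keywords", "body"}

# Constructed sample URLs (not taken from the advisory).
SAMPLE_OK = "mailto:alice@example.com?subject=Quarterly%20report&body=See%20below"
SAMPLE_EXTRA = "mailto:alice@example.com?subject=Hi&attach=/home/user/notes.txt"
SAMPLE_CRLF = "mailto:alice@example.com?subject=x%0D%0AX-Test:%201"


def audit_mailto(url):
    """Return (recipients, safe_headers, rejected) for one mailto URL."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "mailto":
        raise ValueError("not a mailto URL")
    recipients = [a for a in unquote(parts.path).split(",") if a]
    safe, rejected = {}, []
    # Split by hand: in mailto URLs "+" is a literal plus, not a space.
    for field in filter(None, parts.query.split("&")):
        raw_name, _, raw_value = field.partition("=")
        name, value = unquote(raw_name).lower(), unquote(raw_value)
        # Only the body may carry line breaks; elsewhere they would let one
        # field smuggle in another header line.
        has_linebreak = "\r" in value or "\n" in value
        if name == "to" and not has_linebreak:
            recipients += [a for a in value.split(",") if a]
        elif name in SAFE_HFIELDS and (name == "body" or not has_linebreak):
            safe[name] = value
        else:
            rejected.append((name, value))
    return recipients, safe, rejected


def is_safe_mailto(url):
    """True only if every header field in the URL is on the allowlist."""
    return not audit_mailto(url)[2]


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_EXTRA, SAMPLE_CRLF):
        print(is_safe_mailto(sample), audit_mailto(sample)[2])
```

A handler that refuses the URL, or composes the message from `safe_headers` only, never forwards a file path or extra header to the mail client.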

Related Identifiers

ALSA-2025:7672
ALT-PU-2024-10322
ALT-PU-2024-12523
AZL-11465
AZL-37063
BDU:2025-04910
CVE-2022-4055
ECHO-581A-B1A0-1CC4
INFSA-2025_7672
RHSA-2025:7672
RHSA-2025_7672

Affected Products

Alt Linux
Almalinux
Debian
Red Hat
Rocky Linux
Thunderbird