PT-2022-2552 · Mozilla+10 · Thunderbird+10

Published

2022-05-03

Updated

2024-06-15

CVE-2022-1520

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 91.9

Description The issue arises when viewing an email message that contains an attached message, which is encrypted, digitally signed, or both. After opening and viewing the attached message, the security status of the original message may be incorrectly displayed as the security status of the attached message. This can be exploited by a remote attacker to conduct spoofing attacks by sending a specially crafted email message. The vulnerability is related to the incorrect handling of user-input data when processing signed and encrypted attached messages.

Recommendations For versions prior to 91.9, update to version 91.9 or later to resolve the issue.

Exploit

Fix

Side Channel Attack

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399CWE-203CWE-346

Related Identifiers

ALSA-2022:1730

ALT-PU-2022-1941

ALT-PU-2022-1951

ALT-PU-2022-1983

ALT-PU-2022-2053

BDU:2022-02977

CESA-2022_1725

CESA-2022_1730

CVE-2022-1520

DLA-3020-1

DSA-5141-1

MGASA-2022-0163

OPENSUSE-SU-2022_1719-1

OPENSUSE-SU-2024:12045-1

RHSA-2022:1724

RHSA-2022:1725

RHSA-2022:1726

RHSA-2022:1727

RHSA-2022:1730

RHSA-2022:4589

RHSA-2022_1725

RHSA-2022_1730

RHSA-2022_4589

RLSA-2022:1730

SUSE-SU-2022:1719-1

SUSE-SU-2022_1719-1

USN-5435-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Thunderbird

Ubuntu

PT-2022-2552 · Mozilla+10 · Thunderbird+10

CVE-2022-1520

Weakness Enumeration

Related Identifiers

Affected Products

References · 78