PT-2022-4885 · Mozilla · Thunderbird
Koh M. Nakagawa
·
Published
2022-09-20
·
Updated
2024-06-15
·
CVE-2022-3155
| CVSS v2.0 score | 10.0 (High) |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Thunderbird versions prior to 102.3
Description
On macOS, Thunderbird failed to set the com.apple.quarantine extended attribute on email attachments it saved or opened. macOS uses that attribute to decide whether Gatekeeper shows its confirmation dialog before a downloaded application is launched, so an application received as an attachment started immediately when the user opened it, without the warning that normally appears for files downloaded from the internet. A remote attacker can exploit this to execute arbitrary code on the user's machine by sending a malicious application as an email attachment; exploitation requires the user to save or open the attachment and then launch it.
Recommendations
For versions prior to 102.3, update to version 102.3 or later to resolve the issue. Until the update is applied, do not launch executables or application bundles received as email attachments on macOS, and treat attachments from untrusted senders with caution: Gatekeeper will not warn about files Thunderbird saved, so the usual protection is missing. Before opening a saved attachment, check that it carries the com.apple.quarantine attribute (for example with xattr -l on the file).
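The following is an added example, not Thunderbird's code and not part of this advisory. It demonstrates the check a practitioner would run on a vulnerable build: audit the files Thunderbird saved for the com.apple.quarantine attribute and, optionally, set it by hand so that Gatekeeper prompts before an attachment is launched. It drives the macOS xattr(1) tool, so the on-disk parts only work on macOS; the parser and builder are pure Python. The attribute value layout assumed here is "<flags hex>;<unix time hex>;<agent name>;<event UUID>", and the flag value 0x0083 is an assumption modelled on values commonly seen from browser downloads (Apple does not document the bits); what matters for the Gatekeeper prompt is that the attribute is present at all.

```python
"""Audit files saved from Thunderbird for the com.apple.quarantine attribute.

Added example, not Thunderbird's code. The on-disk functions call the macOS
xattr(1) tool and therefore raise on other platforms; parse_quarantine() and
build_quarantine() are portable.

Assumed attribute layout: "<flags hex>;<unix time hex>;<agent>;<event UUID>"
(the last two fields may be absent).
"""
import platform
import subprocess
import time
import uuid
from dataclasses import dataclass
from pathlib import Path
from typing import List, Optional

QUARANTINE_XATTR = "com.apple.quarantine"
# Assumption: flag value modelled on what browsers write. Apple does not
# document the bits; Gatekeeper prompts whenever the attribute is present.
DEFAULT_FLAGS = 0x0083


@dataclass
class QuarantineInfo:
    flags: int       # quarantine flags (opaque bit field)
    timestamp: int   # unix seconds when the file was downloaded
    agent: str       # name of the application that saved the file
    event_id: str    # UUID of the quarantine event, "" if absent


def parse_quarantine(value: str) -> QuarantineInfo:
    """Split a raw attribute value into its fields; reject malformed input."""
    parts = value.strip().split(";")
    if len(parts) < 2:
        raise ValueError(f"malformed quarantine value: {value!r}")
    return QuarantineInfo(
        flags=int(parts[0], 16),
        timestamp=int(parts[1], 16),
        agent=parts[2] if len(parts) > 2 else "",
        event_id=parts[3] if len(parts) > 3 else "",
    )


def build_quarantine(agent: str, flags: int = DEFAULT_FLAGS,
                     when: Optional[int] = None,
                     event_id: Optional[str] = None) -> str:
    """Produce the value a well-behaved downloader would have written."""
    when = int(time.time()) if when is None else when
    event_id = str(uuid.uuid4()).upper() if event_id is None else event_id
    return f"{flags:04x};{when:x};{agent};{event_id}"


def _require_macos() -> None:
    if platform.system() != "Darwin":
        raise NotImplementedError("com.apple.quarantine only exists on macOS")


def read_quarantine(path: Path) -> Optional[str]:
    """Return the raw attribute value, or None if the file is not quarantined."""
    _require_macos()
    proc = subprocess.run(["xattr", "-p", QUARANTINE_XATTR, str(path)],
                          capture_output=True, text=True)
    return proc.stdout.strip() if proc.returncode == 0 else None


def ensure_quarantined(path: Path, agent: str = "Thunderbird") -> bool:
    """Write the attribute if it is missing. Returns True when a repair was made."""
    if read_quarantine(path) is not None:
        return False
    subprocess.run(["xattr", "-w", QUARANTINE_XATTR, build_quarantine(agent), str(path)],
                   check=True)
    return True


def audit(directory: Path, repair: bool = False) -> List[Path]:
    """Report top-level entries of `directory` that lack the attribute.

    Entries are checked at the top level only: a .app bundle is a directory and
    carries the attribute on the bundle itself, not on the files inside it.
    """
    missing = []
    for entry in sorted(directory.iterdir()):
        if entry.name.startswith("."):
            continue
        if read_quarantine(entry) is None:
            missing.append(entry)
            if repair:
                ensure_quarantined(entry)
    return missing


if __name__ == "__main__":
    import sys
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path.home() / "Downloads"
    do_repair = "--repair" in sys.argv
    for p in audit(target, repair=do_repair):
        print(("repaired " if do_repair else "missing  ") + str(p))
```

Run it as python3 quarantine_audit.py ~/Downloads to list unquarantined files, and add --repair to stamp them. Repairing restores the Gatekeeper prompt for application files, but it is a stop-gap: the proper fix is updating to Thunderbird 102.3, which writes the attribute at save time.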
Weakness
Incorrect Default Permissions (CWE-276)
Affected Products
Alt Linux
Astra Linux
SUSE
Thunderbird