CVE-2022-3032

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-3032

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3032.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-3032

Related

Published

2022-12-22T20:15:37Z

Modified

2024-09-11T02:00:05Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.

References

Affected packages

Debian:12 / thunderbird

Package

Name: thunderbird
Purl: pkg:deb/debian/thunderbird?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:102.2.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / thunderbird

Package

Name: thunderbird
Purl: pkg:deb/debian/thunderbird?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:102.2.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}