9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
64.2%
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
bypass permission prompts, obtain sensitive information, bypass security
restrictions, cause user confusion, or execute arbitrary code.
(CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29913,
CVE-2022-29914, CVE-2022-29916, CVE-2022-29917)
It was discovered that Thunderbird would show the wrong security status
after viewing an attached message that is signed or encrypted. An attacker
could potentially exploit this by tricking the user into trusting the
authenticity of a message. (CVE-2022-1520)
It was discovered that the methods of an Array object could be corrupted
as a result of prototype pollution by sending a message to the parent
process. If a user were tricked into opening a specially crafted website
in a browsing context, an attacker could exploit this to execute
JavaScript in a privileged context. (CVE-2022-1529, CVE-2022-1802)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 22.04 | noarch | thunderbird | < 1:91.9.1+build1-0ubuntu0.22.04.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | thunderbird-dbg | < 1:91.9.1+build1-0ubuntu0.22.04.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | thunderbird-dev | < 1:91.9.1+build1-0ubuntu0.22.04.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | thunderbird-gnome-support | < 1:91.9.1+build1-0ubuntu0.22.04.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | thunderbird-gnome-support-dbg | < 1:91.9.1+build1-0ubuntu0.22.04.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | thunderbird-locale-af | < 1:91.9.1+build1-0ubuntu0.22.04.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | thunderbird-locale-ar | < 1:91.9.1+build1-0ubuntu0.22.04.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | thunderbird-locale-ast | < 1:91.9.1+build1-0ubuntu0.22.04.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | thunderbird-locale-be | < 1:91.9.1+build1-0ubuntu0.22.04.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | thunderbird-locale-bg | < 1:91.9.1+build1-0ubuntu0.22.04.1 | UNKNOWN |
ubuntu.com/security/CVE-2022-1520
ubuntu.com/security/CVE-2022-1529
ubuntu.com/security/CVE-2022-1802
ubuntu.com/security/CVE-2022-29909
ubuntu.com/security/CVE-2022-29911
ubuntu.com/security/CVE-2022-29912
ubuntu.com/security/CVE-2022-29913
ubuntu.com/security/CVE-2022-29914
ubuntu.com/security/CVE-2022-29916
ubuntu.com/security/CVE-2022-29917
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
64.2%