9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
71.8%
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, spoof the UI, bypass CSP restrictions, or
execute arbitrary code. (CVE-2022-2200, CVE-2022-31736, CVE-2022-31737,
CVE-2022-31738, CVE-2022-31740, CVE-2022-31741, CVE-2022-31742,
CVE-2022-31744, CVE-2022-31747, CVE-2022-34468, CVE-2022-34470,
CVE-2022-34479, CVE-2022-34481, CVE-2022-34484)
It was discovered that an unavailable PAC file caused OCSP requests to
be blocked, resulting in incorrect error pages being displayed.
(CVE-2022-34472)
It was discovered that the Braille space character could be used to
cause Thunderbird to display the wrong sender address for signed messages.
An attacker could potentially exploit this to trick the user into
believing a message had been sent from somebody they trusted.
(CVE-2022-1834)
It was discovered that Thunderbird would consider an email with a
mismatched OpenPGP signature date as valid. An attacker could potentially
exploit this by replaying an older message in order to trick the user into
believing that the statements in the message are current. (CVE-2022-2226)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 22.04 | noarch | thunderbird | < 1:91.11.0+build2-0ubuntu0.22.04.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | thunderbird-dbg | < 1:91.11.0+build2-0ubuntu0.22.04.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | thunderbird-dev | < 1:91.11.0+build2-0ubuntu0.22.04.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | thunderbird-gnome-support | < 1:91.11.0+build2-0ubuntu0.22.04.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | thunderbird-gnome-support-dbg | < 1:91.11.0+build2-0ubuntu0.22.04.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | thunderbird-locale-af | < 1:91.11.0+build2-0ubuntu0.22.04.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | thunderbird-locale-ar | < 1:91.11.0+build2-0ubuntu0.22.04.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | thunderbird-locale-ast | < 1:91.11.0+build2-0ubuntu0.22.04.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | thunderbird-locale-be | < 1:91.11.0+build2-0ubuntu0.22.04.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | thunderbird-locale-bg | < 1:91.11.0+build2-0ubuntu0.22.04.1 | UNKNOWN |
ubuntu.com/security/CVE-2022-1834
ubuntu.com/security/CVE-2022-2200
ubuntu.com/security/CVE-2022-2226
ubuntu.com/security/CVE-2022-31736
ubuntu.com/security/CVE-2022-31737
ubuntu.com/security/CVE-2022-31738
ubuntu.com/security/CVE-2022-31740
ubuntu.com/security/CVE-2022-31741
ubuntu.com/security/CVE-2022-31742
ubuntu.com/security/CVE-2022-31744
ubuntu.com/security/CVE-2022-31747
ubuntu.com/security/CVE-2022-34468
ubuntu.com/security/CVE-2022-34470
ubuntu.com/security/CVE-2022-34472
ubuntu.com/security/CVE-2022-34479
ubuntu.com/security/CVE-2022-34481
ubuntu.com/security/CVE-2022-34484
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
71.8%