attribute, and the content attributespecifying an URL, then Thunderbird started a net...">
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
48.3%
If a Thunderbird user replied to a crafted HTML email containing a
<code>meta</code> tag, with the <code>meta</code> tag having the
<code>http-equiv=“refresh”</code> attribute, and the content attribute
specifying an URL, then Thunderbird started a network request to that URL,
regardless of the configuration to block remote content. In combination
with certain other HTML elements and attributes in the email, it was
possible to execute JavaScript code included in the message in the context
of the message compose document. The JavaScript code was able to perform
actions including, but probably not limited to, read and modify the
contents of the message compose document, including the quoted original
message, which could potentially contain the decrypted plaintext of
encrypted data in the crafted email. The contents could then be transmitted
to the network, either to the URL specified in the META refresh tag, or to
a different URL, as the JavaScript code could modify the URL specified in
the document. This bug doesn’t affect users who have changed the default
Message Body display setting to ‘simple html’ or ‘plain text’. This
vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | thunderbird | < 1:102.2.2+build1-0ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | thunderbird | < 1:102.2.2+build1-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | thunderbird | < 1:102.2.2+build1-0ubuntu0.22.04.1 | UNKNOWN |
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
48.3%