CVE-2022-3032
N/A
N/A
Summary
When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Thunderbird | unspecified < 102.2.1 | affected |
| Mozilla | Thunderbird | unspecified < 91.13.1 | affected |
Weaknesses
- Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked
ADP Enrichment
CVE Program Container
Additional References
- https://www.mozilla.org/security/advisories/mfsa2022-38/
- https://www.mozilla.org/security/advisories/mfsa2022-39/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1783831
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.mozilla.org/security/advisories/mfsa2022-38/
- https://www.mozilla.org/security/advisories/mfsa2022-39/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1783831
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.