1. Home
  2. Vulnerabilities
  3. CVE-2022-1197

CVE-2022-1197

CVSS v3.1 5.4 (Medium)
54% Progress
EPSS 0.08 % (34th)
0.08% Progress
Affected Products 1
Advisories 13
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. Revocation statements that used another revocation reason, or that didn't specify a revocation reason, were unaffected. This vulnerability affects Thunderbird < 91.8.

Weaknesses
CWE-295
Improper Certificate Validation
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2022-12-22 20:15:13
(21 months ago)
Updated Date
2022-12-29 16:40:01
(20 months ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Thunderbird prior 91.8 version cpe:2.3:a:mozilla:thunderbird < 91.8