1. Home
  2. Vulnerabilities
  3. CVE-2022-2226

CVE-2022-2226

CVSS v3.1 6.5 (Medium)
65% Progress
EPSS 0.08 % (35th)
0.08% Progress
Affected Products 1
Advisories 17
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an attacker performed a replay attack, in which an old email with old contents are resent at a later time, it could lead the victim to believe that the statements in the email are current. Fixed versions of Thunderbird will require that the signature's date roughly matches the displayed date of the email. This vulnerability affects Thunderbird < 102 and Thunderbird < 91.11.

Weaknesses
CWE-294
Authentication Bypass by Capture-replay
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2022-12-22 20:15:27
(21 months ago)
Updated Date
2023-01-05 13:52:11
(20 months ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Thunderbird prior 91.11 version cpe:2.3:a:mozilla:thunderbird < 91.11
  Mozilla Thunderbird 101.0 cpe:2.3:a:mozilla:thunderbird:101.0