1. Home
  2. Vulnerabilities
  3. CVE-2022-3032

CVE-2022-3032

CVSS v3.1 6.5 (Medium)
65% Progress
EPSS 0.14 % (50th)
0.14% Progress
Affected Products 1
Advisories 15
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.

Weaknesses
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2022-12-22 20:15:37
(21 months ago)
Updated Date
2024-02-09 02:47:57
(7 months ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Thunderbird prior 91.13.1 version cpe:2.3:a:mozilla:thunderbird < 91.13.1
  Mozilla Thunderbird from 102.0 version and prior 102.2.1 version cpe:2.3:a:mozilla:thunderbird >= 102.0 < 102.2.1