1. Home
  2. Vulnerabilities
  3. CVE-2022-3155

CVE-2022-3155

CVSS v3.1 7.8 (High)
78% Progress
EPSS 0.07 % (31th)
0.07% Progress
Affected Products 2
Advisories 3
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm. This vulnerability affects Thunderbird < 102.3.

Weaknesses
CWE-NVD-noinfo
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2022-12-22 20:15:38
(21 months ago)
Updated Date
2022-12-30 22:13:52
(20 months ago)

Affected Products

Apple

Mozilla

Configuration #1

AND
    CPE23 From Up To
OR  
  Mozilla Thunderbird prior 102.3 version cpe:2.3:a:mozilla:thunderbird < 102.3
OR  
  Running on/with
  Apple Macos cpe:2.3:o:apple:macos:-