[MFSA-2022-43] Security Vulnerabilities fixed in Thunderbird 102.3.1
CVE-2022-39236: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue (moderate)
Thunderbird users who use the Matrix chat protocol were vulnerable to a data corruption issue. An adversary could potentially cause data integrity issues by sending specially crafted messages.CVE-2022-39249: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators (high)
Thunderbird users who use the Matrix chat protocol were vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that server.CVE-2022-39250: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack (high)
Thunderbird users who use the Matrix chat protocol were vulnerable to an impersonation attack. A malicious server administrator could interfere with cross-device verification to authenticate their own device.CVE-2022-39251: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack (high)
Thunderbird users who use the Matrix chat protocol were vulnerable to an impersonation attack. An adversary could spoof historical messages from other users. Additionally, a malicious key backup to the user's account under certain unusual conditions in order to exfiltrate message keys.
Package | Affected Version |
---|---|
pkg:mozilla/Thunderbird | < 102.3.1 |
Package | Fixed Version |
---|---|
pkg:mozilla/Thunderbird | = 102.3.1 |
- ID
- MFSA-2022-43
- Severity
- high
- URL
- https://www.mozilla.org/en-US/security/advisories/mfsa2022-43
- Published
-
2022-09-28T00:00:00
(23 months ago) - Modified
-
2022-09-28T00:00:00
(23 months ago) - Other Advisories
-
- ALAS2-2022-1900
- ALPINE:CVE-2022-39236
- ALPINE:CVE-2022-39249
- ALPINE:CVE-2022-39250
- ALPINE:CVE-2022-39251
- ALSA-2022:7178
- ALSA-2022:7190
- ELSA-2022-7178
- ELSA-2022-7184
- ELSA-2022-7190
- FREEBSD:CB902A77-3F43-11ED-9402-901B0E9408DC
- GLSA-202210-35
- NPM:GHSA-5W8R-8PGJ-5JMF
- NPM:GHSA-6263-X97C-C4GG
- NPM:GHSA-HVV8-5V86-R45X
- NPM:GHSA-R48R-J8FX-MQ2C
- RHSA-2022:7178
- RHSA-2022:7184
- RHSA-2022:7190
- RLSA-2022:7190
- SSA:2022-273-01
- SUSE-SU-2022:3800-1
- USN-5724-1
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 1791765 | https://bugzilla.mozilla.org/show_bug.cgi?id=1791765 | |
Bugzilla | 1791765 | https://bugzilla.mozilla.org/show_bug.cgi?id=1791765 | |
Bugzilla | 1791765 | https://bugzilla.mozilla.org/show_bug.cgi?id=1791765 | |
Bugzilla | 1791765 | https://bugzilla.mozilla.org/show_bug.cgi?id=1791765 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:mozilla/Thunderbird | Thunderbird | < 102.3.1 | ||||
Fixed | pkg:mozilla/Thunderbird | Thunderbird | = 102.3.1 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |