1. Home
  2. Security Advisories
  3. Mozilla
  4. MFSA-2022-54

[MFSA-2022-54] Security Vulnerabilities fixed in Thunderbird 102.6.1

Severity High
Affected Packages 1
Fixed Packages 1
CVEs 1
Info Packages References Vulnerabilities

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

  • CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions (moderate) A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.<br/>Note: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1
Package Affected Version
pkg:mozilla/Thunderbird < 102.6.1
Package Fixed Version
pkg:mozilla/Thunderbird = 102.6.1
ID
MFSA-2022-54
Severity
high
URL
https://www.mozilla.org/en-US/security/advisories/mfsa2022-54
Published
2022-12-20T00:00:00
(21 months ago)
Modified
2022-12-20T00:00:00
(21 months ago)
Other Advisories
Source # ID Name URL
Bugzilla 1746139 https://bugzilla.mozilla.org/show_bug.cgi?id=1746139
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:mozilla/Thunderbird Thunderbird < 102.6.1
Fixed pkg:mozilla/Thunderbird Thunderbird = 102.6.1
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date