CVE-2022-1834 — Improper Certificate Validation in Mozilla Thunderbird
Severity
6.5 MEDIUM (NVD)
EPSS
0.2%
top 61.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 22
Latest update: Oct 1
Description
When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown with an arbitrary sender email address chosen by the attacker. If the sender name started with a false email address, followed by many Braille space characters, the attacker's email address was not visib…
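A mail-filter style check for the header pattern described above, as an added example that is not part of the advisory or of Thunderbird's code. The function names, finding labels and the run-length threshold are assumptions, and both sample headers are constructed.

```python
import re
import unicodedata
from email.utils import parseaddr

BRAILLE_BLANK = "\u2800"  # BRAILLE PATTERN BLANK: category "So", so isspace()/strip() miss it
PAD_RUN_LIMIT = 3         # assumed threshold for a suspicious run of blank-looking characters
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def blank_like(ch):
    """True for characters that render as empty space in a sender column."""
    return ch == BRAILLE_BLANK or ch.isspace() or unicodedata.category(ch) == "Cf"

def longest_pad_run(text):
    """Length of the longest run of consecutive blank-looking characters."""
    best = run = 0
    for ch in text:
        run = run + 1 if blank_like(ch) else 0
        best = max(best, run)
    return best

def check_from_header(value):
    """Return a list of findings for one decoded From: header value."""
    name, addr = parseaddr(value)
    findings = []
    if BRAILLE_BLANK in name:
        findings.append("braille-blank-in-display-name")
    if longest_pad_run(name) > PAD_RUN_LIMIT:
        findings.append("padding-run")
    # An address inside the display name that differs from the real one
    # is what the recipient ends up reading as the sender.
    decoy = ADDR_RE.search(name)
    if decoy and decoy.group(0).lower() != addr.lower():
        findings.append("display-name-address-mismatch")
    return findings

# Constructed sample headers (not taken from a real message).
SPOOFED = '"ceo@example.com' + BRAILLE_BLANK * 40 + '" <mallory@attacker.test>'
BENIGN = '"Alice Example" <alice@example.com>'

if __name__ == "__main__":
    for header in (SPOOFED, BENIGN):
        print(check_from_header(header))
```

The check expects an already decoded header value; RFC 2047 encoded-words must be decoded before calling it.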
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6
Affected Packages: 6 packages
Vulnerability Details
3
GHSA
GHSA-qq6h-hx9q-4fxv: When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have | 2022-12-22
OSV
CVE-2022-1834: When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have | 2022-12-22