CVE-2022-29913 — Improper Authorization in Mozilla Thunderbird

CWE-285 — Improper Authorization CWE-1173 — Improper Use of Validation Framework8 documents7 sources

Severity

6.5MEDIUMNVD

OSV4.3

EPSS

0.2%

top 60.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Debian Thunderbird Mozilla Firefox

Timeline

PublishedDec 22

Description

The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. This vulnerability affects Thunderbird < 91.9.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶debiandebian/thunderbird< thunderbird 1:91.9.0-1 (bookworm)

▶CVEListV5mozilla/thunderbirdunspecified — 91.9

▶NVDmozilla/thunderbird< 91.9

▶Debianmozilla/thunderbird< 1:91.9.0-1~deb11u1+3

▶Ubuntumozilla/thunderbird< 1:91.9.1+build1-0ubuntu0.18.04.1+2

🔴Vulnerability Details

OSV

CVE-2022-29913: The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process↗2022-12-22

▶

GHSA

GHSA-26j5-r8rm-66gf: The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process↗2022-12-22

▶

OSV

thunderbird vulnerabilities↗2022-05-25

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2022-05-25

▶

Red Hat

Mozilla: Speech Synthesis feature not properly disabled↗2022-05-03

▶

Debian

CVE-2022-29913: thunderbird - The parent process would not properly check whether the Speech Synthesis feature...↗2022

▶

Mozilla

Mozilla Foundation Security Advisory 2022-18: CVE-2022-29913↗

▶