#VU67553 Security features bypass in Mozilla Thunderbird - CVE-2022-3155

 


Published: September 21, 2022


Vulnerability identifier: #VU67553
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-3155
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Mozilla Thunderbird
Software vendor: Mozilla

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insecure handling of email attachments in Thunderbird on macOS. The application does not set the com.apple.quarantine attribute on the received file. As a result, if the received file is an application and the user attempts to open it, the application is executed immediately without asking the user to confirm.
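
One way to check a folder of saved attachments for the missing attribute described above, as an added example that is not from this advisory or from Mozilla. It relies on the macOS `xattr` command; the function names and the folder argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a folder of saved attachments for the quarantine xattr.
# Usage after sourcing this file:  list_unquarantined "$HOME/Downloads"
# (the folder is an assumption; use wherever attachments are saved)
ATTR=com.apple.quarantine

# Print the attribute value for FILE; non-zero exit if the attribute is absent.
quarantine_value() {
    xattr -p "$ATTR" "$1" 2>/dev/null
}

# Print one line per entry in DIR: "MISSING<TAB>path" or "<agent><TAB>path".
audit_quarantine() {
    dir=$1
    for f in "$dir"/*; do
        [ -e "$f" ] || continue    # empty directory: the glob did not match
        if value=$(quarantine_value "$f"); then
            # Assumed value layout: flags;hex-timestamp;agent;uuid
            agent=$(printf '%s' "$value" | cut -d';' -f3)
            printf '%s\t%s\n' "${agent:-unknown}" "$f"
        else
            printf 'MISSING\t%s\n' "$f"
        fi
    done
}

# Print only the paths that lack the quarantine attribute.
list_unquarantined() {
    audit_quarantine "$1" | awk -F'\t' '$1 == "MISSING" { print $2 }'
}
```

Entries reported as MISSING were written without the attribute; the agent column shows which application tagged the others.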


Remediation

Install updates from vendor's website.
