CVE-2022-3033

If a Thunderbird user replied to a crafted HTML email containing a <code>meta</code> tag, with the <code>meta</code> tag having the <code>http-equiv="refresh"</code> attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. In combination with certain other HTML elements and attributes in the email, it was possible to execute JavaScript code included in the message in the context of the message compose document. The JavaScript code was able to perform actions including, but probably not limited to, read and modify the contents of the message compose document, including the quoted original message, which could potentially contain the decrypted plaintext of encrypted data in the crafted email. The contents could then be transmitted to the network, either to the URL specified in the META refresh tag, or to a different URL, as the JavaScript code could modify the URL specified in the document. This bug doesn't affect users who have changed the default Message Body display setting to 'simple html' or 'plain text'. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:18

Type Values Removed Values Added
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1784838 - Issue Tracking, Permissions Required, Vendor Advisory () https://bugzilla.mozilla.org/show_bug.cgi?id=1784838 - Issue Tracking, Permissions Required, Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2022-38/ - Vendor Advisory () https://www.mozilla.org/security/advisories/mfsa2022-38/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2022-39/ - Vendor Advisory () https://www.mozilla.org/security/advisories/mfsa2022-39/ - Vendor Advisory

08 Aug 2023, 14:22

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.1
References (MISC) https://www.mozilla.org/security/advisories/mfsa2022-39/ - (MISC) https://www.mozilla.org/security/advisories/mfsa2022-39/ - Vendor Advisory
References (MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1784838 - (MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1784838 - Issue Tracking, Permissions Required, Vendor Advisory
References (MISC) https://www.mozilla.org/security/advisories/mfsa2022-38/ - (MISC) https://www.mozilla.org/security/advisories/mfsa2022-38/ - Vendor Advisory
CPE cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CWE CWE-79

22 Dec 2022, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-12-22 20:15

Updated : 2024-11-21 07:18


NVD link : CVE-2022-3033

Mitre link : CVE-2022-3033

CVE.ORG link : CVE-2022-3033


JSON object : View

Products Affected

mozilla

  • thunderbird
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')