Mozilla FoundationMFSA2022-43Security Vulnerabilities fixed in Thunderbird 102.3.1 — Mozilla
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
50.3%
Thunderbird users who use the Matrix chat protocol were vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that server.
Thunderbird users who use the Matrix chat protocol were vulnerable to an impersonation attack. A malicious server administrator could interfere with cross-device verification to authenticate their own device.
Thunderbird users who use the Matrix chat protocol were vulnerable to an impersonation attack. An adversary could spoof historical messages from other users. Additionally, a malicious key backup to the user’s account under certain unusual conditions in order to exfiltrate message keys.
Thunderbird users who use the Matrix chat protocol were vulnerable to a data corruption issue. An adversary could potentially cause data integrity issues by sending specially crafted messages.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| thunderbird | lt | 102.3.1 |
Related
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
50.3%