CVE-2022-2226

Published: Dic 22, 2022 Last Modified: Apr 15, 2025 EU-VD ID: EUVD-2022-34506 Aliases: GSD-2022-2226
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: none

Description

AI Translation Available

An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an attacker performed a replay attack, in which an old email with old contents are resent at a later time, it could lead the victim to believe that the statements in the email are current. Fixed versions of Thunderbird will require that the signature's date roughly matches the displayed date of the email. This vulnerability affects Thunderbird < 102 and Thunderbird < 91.11.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0031
Percentile
0,5th
Updated

EPSS Score Trend (Last 90 Days)

294

Authentication Bypass by Capture-replay

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: High
View CWE Details
Application

Thunderbird by Mozilla

Product Information
Vendor Mozilla
Product Thunderbird
Version Range Affected
To 91.11 (exclusive)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Thunderbird by Mozilla

Product Information
Vendor Mozilla
Product Thunderbird
Version 101.0
cpe:2.3:a:mozilla:thunderbird:101.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://bugzilla.mozilla.org/show_bug.cgi?id=1775441
Issue Tracking Permissions Required Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1775441
https://www.mozilla.org/security/advisories/mfsa2022-26/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-26/
https://bugzilla.mozilla.org/show_bug.cgi?id=1775441
Issue Tracking Permissions Required Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1775441
https://www.mozilla.org/security/advisories/mfsa2022-26/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-26/