CVE-2022-45414
thunderbird - security update
8.1
HIGH
CVSS 3.1
EPSS 0.28%
描述
If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block remote content. An image loaded from the POSTER attribute was shown in the composer window. These issues could have given an attacker additional capabilities when targetting releases that did not yet have a fix for CVE-2022-3033 which was reported around three months ago. This vulnerability affects Thunderbird < 102.5.1.
如何修補 CVE-2022-45414
要修補 CVE-2022-45414,請將受影響套件升級到下列已修補版本。
- —升級至 1:102.6.0-1~deb11u1 或更新版本
- —升級至 1:102.6.0-1~deb11u1 或更新版本
CVE-2022-45414 正在被利用嗎?
低 — EPSS 為 0.3%,目前沒有觀察到大規模利用活動。
受影響套件(2)
- from 0, < 1:102.6.0-1~deb11u1
- from 0, < 1:102.6.0-1~deb11u1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |