When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
Weakness
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Thunderbird | Mozilla | * | 91.13.1 (excluding) |
| Thunderbird | Mozilla | 102.0 (including) | 102.2.1 (excluding) |
| Red Hat Enterprise Linux 7 | RedHat | thunderbird-0:102.3.0-3.el7_9 | * |
| Red Hat Enterprise Linux 8 | RedHat | thunderbird-0:102.3.0-3.el8_6 | * |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | RedHat | thunderbird-0:102.3.0-3.el8_1 | * |
| Red Hat Enterprise Linux 8.2 Extended Update Support | RedHat | thunderbird-0:102.3.0-3.el8_2 | * |
| Red Hat Enterprise Linux 8.4 Extended Update Support | RedHat | thunderbird-0:102.3.0-3.el8_4 | * |
| Red Hat Enterprise Linux 9 | RedHat | thunderbird-0:102.3.0-3.el9_0 | * |
| Thunderbird | Ubuntu | bionic | * |
| Thunderbird | Ubuntu | focal | * |
| Thunderbird | Ubuntu | jammy | * |
| Thunderbird | Ubuntu | kinetic | * |
| Thunderbird | Ubuntu | trusty | * |
| Thunderbird | Ubuntu | upstream | * |
| Thunderbird | Ubuntu | xenial | * |
Related Attack Patterns
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1783831
- https://www.mozilla.org/security/advisories/mfsa2022-38/
- https://www.mozilla.org/security/advisories/mfsa2022-39/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1783831
- https://www.mozilla.org/security/advisories/mfsa2022-38/
- https://www.mozilla.org/security/advisories/mfsa2022-39/