Описание
When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the internal HTML document, remote objects specified in the nested document (for example, images or videos), were not blocked. Rather, the network was accessed, and the objects were loaded and displayed.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | thunderbird | Out of support scope | ||
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2022:6710 | 26.09.2022 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2022:6708 | 26.09.2022 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | thunderbird | Fixed | RHSA-2022:6716 | 26.09.2022 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | thunderbird | Fixed | RHSA-2022:6715 | 26.09.2022 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | thunderbird | Fixed | RHSA-2022:6713 | 26.09.2022 |
| Red Hat Enterprise Linux 9 | thunderbird | Fixed | RHSA-2022:6717 | 26.09.2022 |
Показывать по
Дополнительная информация
Статус:
6.1 Medium
CVSS3
Связанные уязвимости
When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
When receiving an HTML email that contained an <code>iframe</code> ele ...
When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
Уязвимость почтового клиента Thunderbird, связанная с ошибками при обработке входных данных, позволяющая нарушителю обойти существующие ограничения безопасности
6.1 Medium
CVSS3