Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-3155

Опубликовано: 20 сент. 2022
Источник: redhat
CVSS3: 5.3

Описание

When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm. This vulnerability affects Thunderbird < 102.3.

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that Thunderbird did not set the attribute com.apple.quarantine on the received file when saving or opening an email attachment on macOS. If the received file was an application and the user attempted to open it, the application was started immediately without asking the user to confirm.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected
Red Hat Enterprise Linux 8thunderbirdNot affected
Red Hat Enterprise Linux 9thunderbirdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-449
https://bugzilla.redhat.com/show_bug.cgi?id=2128806Mozilla: Attachment files saved to disk on macOS could be executed without warning

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-3155

CVSS3: 7.8
ubuntu
около 3 лет назад

When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm. This vulnerability affects Thunderbird < 102.3.

nvd логотип

CVE-2022-3155

CVSS3: 7.8
nvd
около 3 лет назад

When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm. This vulnerability affects Thunderbird < 102.3.

debian логотип

CVE-2022-3155

CVSS3: 7.8
debian
около 3 лет назад

When saving or opening an email attachment on macOS, Thunderbird did n ...

github логотип

GHSA-6gfq-p2cr-3q5j

CVSS3: 7.8
github
около 3 лет назад

When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm. This vulnerability affects Thunderbird < 102.3.

fstec логотип

BDU:2022-06028

CVSS3: 9.6
fstec
больше 3 лет назад

Уязвимость почтового клиента Thunderbird, связанная с некорректными действиями, выполняемыми пользовательским интерфейсом, позволяющая нарушителю выполнить произвольный код

5.3 Medium

CVSS3