Описание
When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:102.2.2+build1-0ubuntu0.18.04.1 |
| devel | not-affected | 1:102.3.3+build1-0ubuntu1 |
| esm-infra/focal | DNE | |
| focal | released | 1:102.2.2+build1-0ubuntu0.20.04.1 |
| jammy | released | 1:102.2.2+build1-0ubuntu0.22.04.1 |
| kinetic | ignored | end of life, was needs-triage |
| lunar | not-affected | 1:102.3.3+build1-0ubuntu1 |
| trusty | ignored | end of standard support |
| upstream | released | 91.13.1 |
| xenial | ignored | end of standard support |
Показывать по
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
When receiving an HTML email that contained an <code>iframe</code> ele ...
When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
Уязвимость почтового клиента Thunderbird, связанная с ошибками при обработке входных данных, позволяющая нарушителю обойти существующие ограничения безопасности
EPSS
6.5 Medium
CVSS3