Описание
When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm. This vulnerability affects Thunderbird < 102.3.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | MacOS only |
| devel | not-affected | MacOS only |
| esm-infra/focal | DNE | |
| focal | not-affected | MacOS only |
| jammy | not-affected | MacOS only |
| kinetic | not-affected | MacOS only |
| lunar | not-affected | MacOS only |
| trusty | ignored | end of standard support |
| upstream | released | 102.3 |
| xenial | ignored | end of standard support |
Показывать по
EPSS
7.8 High
CVSS3
Связанные уязвимости
When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm. This vulnerability affects Thunderbird < 102.3.
When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm. This vulnerability affects Thunderbird < 102.3.
When saving or opening an email attachment on macOS, Thunderbird did n ...
When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm. This vulnerability affects Thunderbird < 102.3.
Уязвимость почтового клиента Thunderbird, связанная с некорректными действиями, выполняемыми пользовательским интерфейсом, позволяющая нарушителю выполнить произвольный код
EPSS
7.8 High
CVSS3