CVE: CVE-2022-3032

Export to Word

When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00232
Percentile: 0.46059

CVSS Scoring

CVSS v3.1 Score: 6.5

Severity: MEDIUM

Mapped CWE(s)

CWE-610 : Externally Controlled Reference to a Resource in Another Sphere

All CAPEC(s)

CAPEC-219: XML Routing Detour Attacks

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

← Back to Home