CVE-2022-3155
Gentoo Linux Security Advisory 202209-18
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm. This vulnerability affects Thunderbird < 102.3.
Al guardar o abrir un archivo adjunto de correo electrónico en macOS, Thunderbird no configuró el atributo com.apple.quarantine en el archivo recibido. Si el archivo recibido era una aplicación y el usuario intentaba abrirlo, entonces la aplicación se iniciaba inmediatamente sin pedirle confirmación al usuario. Esta vulnerabilidad afecta a Thunderbird < 102.3.
Multiple vulnerabilities have been found in Mozilla Thunderbird, the world of which could result in arbitrary code execution. Versions less than 102.3.0 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-09-07 CVE Reserved
- 2022-09-30 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.mozilla.org/security/advisories/mfsa2022-42 | 2022-12-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | < 102.3 Search vendor "Mozilla" for product "Thunderbird" and version " < 102.3" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|