Home > Vulnerability Database > CVE-2022-1520

Mend.io Vulnerability Database

CVE-2022-1520

Date: December 21, 2022

When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message A might be shown with the security status of message B. This vulnerability affects Thunderbird < 91.9.

Severity Score

4.3

Related Resources (7)

Url: https://access.redhat.com/security/cve/CVE-2022-1520

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1745019

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2022-1520

Url: https://www.mozilla.org/security/advisories/mfsa2022-18/

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-1520

Url: https://security-tracker.debian.org/tracker/CVE-2022-1520

Url: https://www.mend.io/vulnerability-database/CVE-2022-1520

Severity Score

4.3

Weakness Type (CWE)

Inadequate Encryption Strength

CWE-326

Origin Validation Error

CWE-346

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-1520

Date: December 21, 2022

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?