Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-1834

Date: December 22, 2022

When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown with an arbitrary sender email address chosen by the attacker. If the sender name started with a false email address, followed by many Braille space characters, the attacker's email address was not visible. Because Thunderbird compared the invisible sender address with the signature's email address, if the signing key or certificate was accepted by Thunderbird, the email was shown as having a valid digital signature. This vulnerability affects Thunderbird < 91.10.

Language: JS

Severity Score

Related Resources (10)

https://security-tracker.debian.org/tracker/CVE-2022-1834
https://github.com/mozilla/releases-comm-central/commit/5fac73e453d40397784acf4cde0b37541be3622d
https://bugzilla.redhat.com/show_bug.cgi?id=2092416
https://nvd.nist.gov/vuln/detail/CVE-2022-1834
https://bugzilla.mozilla.org/show_bug.cgi?id=1767816
https://access.redhat.com/security/cve/CVE-2022-1834
https://security.alpinelinux.org/vuln/CVE-2022-1834
https://people.canonical.com/~ubuntu-security/cve/CVE-2022-1834
https://www.mozilla.org/security/advisories/mfsa2022-22/
https://www.mend.io/vulnerability-database/CVE-2022-1834

Severity Score

Weakness Type (CWE)

Improper Certificate Validation

CWE-295

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us