Home > Vulnerability Database > CVE-2022-1197

Mend.io Vulnerability Database

CVE-2022-1197

Date: December 22, 2022

When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. Revocation statements that used another revocation reason, or that didn't specify a revocation reason, were unaffected. This vulnerability affects Thunderbird < 91.8.

Severity Score

5.4

Related Resources (7)

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2022-1197

Url: https://www.mozilla.org/security/advisories/mfsa2022-15/

Url: https://access.redhat.com/security/cve/CVE-2022-1197

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1754985

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-1197

Url: https://security-tracker.debian.org/tracker/CVE-2022-1197

Url: https://www.mend.io/vulnerability-database/CVE-2022-1197

Severity Score

5.4

Weakness Type (CWE)

Improper Certificate Validation

CWE-295

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-1197

Date: December 22, 2022

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?