Home > Vulnerability Database > CVE-2022-3032

Mend.io Vulnerability Database

CVE-2022-3032

Date: December 22, 2022

When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.

Severity Score

6.5

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-3032

Url: https://access.redhat.com/security/cve/CVE-2022-3032

Url: https://www.mozilla.org/security/advisories/mfsa2022-39/

Url: https://www.mozilla.org/security/advisories/mfsa2022-38/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2022-3032

Url: https://security-tracker.debian.org/tracker/CVE-2022-3032

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1783831

Url: https://www.mend.io/vulnerability-database/CVE-2022-3032

Severity Score

6.5

Weakness Type (CWE)

Externally Controlled Reference to a Resource in Another Sphere

CWE-610

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-3032

Date: December 22, 2022

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?