CVE-2022-3033

{"id": "CVE-2022-3033", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2022-12-22T20:15:37.947", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1784838", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-38/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-39/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "If a Thunderbird user replied to a crafted HTML email containing a <code>meta</code> tag, with the <code>meta</code> tag having the <code>http-equiv=\"refresh\"</code> attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. In combination with certain other HTML elements and attributes in the email, it was possible to execute JavaScript code included in the message in the context of the message compose document. The JavaScript code was able to perform actions including, but probably not limited to, read and modify the contents of the message compose document, including the quoted original message, which could potentially contain the decrypted plaintext of encrypted data in the crafted email. The contents could then be transmitted to the network, either to the URL specified in the META refresh tag, or to a different URL, as the JavaScript code could modify the URL specified in the document. This bug doesn't affect users who have changed the default Message Body display setting to 'simple html' or 'plain text'. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1."}, {"lang": "es", "value": "Si un usuario de Thunderbird respondi\u00f3 a un correo electr\u00f3nico HTML manipulado que contiene una etiqueta <code>meta</code>, y la etiqueta <code>meta</code> tiene el atributo <code>http-equiv=\"refresh\"</code> , y el atributo de contenido que especifica una URL, Thunderbird inici\u00f3 una solicitud de red a esa URL, independientemente de la configuraci\u00f3n para bloquear contenido remoto. En combinaci\u00f3n con otros elementos y atributos HTML del correo electr\u00f3nico, era posible ejecutar el c\u00f3digo JavaScript incluido en el mensaje en el contexto del documento de redacci\u00f3n del mensaje. El c\u00f3digo JavaScript pudo realizar acciones que incluyen, entre otras, leer y modificar el contenido del documento de redacci\u00f3n del mensaje, incluido el mensaje original citado, que potencialmente podr\u00eda contener el texto plano descifrado de los datos cifrados en el correo electr\u00f3nico elaborado. Luego, el contenido podr\u00eda transmitirse a la red, ya sea a la URL especificada en la etiqueta de actualizaci\u00f3n META o a una URL diferente, ya que el c\u00f3digo JavaScript podr\u00eda modificar la URL especificada en el documento. Este error no afecta a los usuarios que han cambiado la configuraci\u00f3n predeterminada de visualizaci\u00f3n del cuerpo del mensaje a \"html simple\" o \"texto plano\". Esta vulnerabilidad afecta a Thunderbird &lt; 102.2.1 y Thunderbird &lt; 91.13.1."}], "lastModified": "2023-08-08T14:22:24.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76F28FD2-6BE5-43C4-93B5-051739E3600E", "versionEndExcluding": "91.13.1"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "576EEF40-52A5-4876-843C-2648CBA74475", "versionEndExcluding": "102.2.1", "versionStartIncluding": "102.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}