mickmick.net

Mozilla Thunderbird Multiple Vulnerabilities

Release Date: 3 Oct 2022

RISK: Medium Risk

TYPE: Clients - Email Clients

Multiple vulnerabilities were identified in Mozilla Thunderbird. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass, spoofing and data manipulation disclosure on the targeted system.

---

Impact

• Security Restriction Bypass
• Spoofing
• Data Manipulation

---

System / Technologies affected

• Thunderbird version prior to 102.3.1

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

• Update to version 102.3.1

---

Vulnerability Identifier

• CVE-2022-39236
• CVE-2022-39249
• CVE-2022-39250
• CVE-2022-39251

---

Source

• Mozilla
• US-CERT

---

Related Link

• https://www.mozilla.org/en-US/security/advisories/mfsa2022-43/
• https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/mozilla-releases-security-update-thunderbird