Bug 2082037 (CVE-2022-1520)

Summary: CVE-2022-1520 Mozilla: Incorrect security status shown after viewing an attached email
Product: [Other] Security Response Reporter: Mauro Matteo Cascella <mcascell>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: erack, jhorak, nobody, stransky, tpopela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: thunderbird 91.9 Doc Type: ---
Doc Text:
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message might show the security status of message B.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-18 05:15:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2079747, 2079748, 2079749, 2079750, 2079751, 2079752, 2079753, 2079754, 2079755    
Bug Blocks: 2079745    

Description Mauro Matteo Cascella 2022-05-05 09:30:23 UTC 
When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message A might be shown with the security status of message B.


External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-1520
Comment 1 errata-xmlrpc 2022-05-05 13:32:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:1724 https://access.redhat.com/errata/RHSA-2022:1724
Comment 2 errata-xmlrpc 2022-05-05 13:48:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:1727 https://access.redhat.com/errata/RHSA-2022:1727
Comment 3 errata-xmlrpc 2022-05-05 13:59:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:1726 https://access.redhat.com/errata/RHSA-2022:1726
Comment 4 errata-xmlrpc 2022-05-05 14:03:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1730 https://access.redhat.com/errata/RHSA-2022:1730
Comment 5 errata-xmlrpc 2022-05-05 14:32:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:1725 https://access.redhat.com/errata/RHSA-2022:1725
Comment 6 errata-xmlrpc 2022-05-18 01:27:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:4589 https://access.redhat.com/errata/RHSA-2022:4589
Comment 7 Product Security DevOps Team 2022-05-18 05:15:55 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-1520