Bug 2143792 (CVE-2022-4055)

Summary: CVE-2022-4055 xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments
Product: [Other] Security Response
Reporter: Zack Miele <zmiele>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
CC: alexl, dking
Keywords: Security
Hardware: All
OS: Linux
Bug Depends On: 2151294, 2151303, 2151304
Bug Blocks: 2128075

Description Zack Miele 2022-11-17 21:17:55 UTC
When xdg-mail is configured to use Thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to Thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked.
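
The defensive side of the parsing problem described above, as an added illustration that is not part of this bug report or of xdg-utils: a mailto URI is split into recipients and header fields, header names are percent-decoded and lower-cased before an allow-list check (so "%41ttach" or "ATTACH" cannot slip past), and anything outside RFC 2368's subject/body/address headers is reported and discarded. The sample URIs are constructed; the allow-list and the CR/LF check are the author's choices, not xdg-utils behaviour.

```python
from urllib.parse import unquote

# Headers a mail client may honour from a mailto: link. RFC 2368 says a user
# agent should only act on "subject", "body" and address headers; anything
# else, e.g. a client-specific "attach", is reported and discarded.
ALLOWED_HEADERS = {"to", "cc", "bcc", "subject", "body"}


def parse_mailto(uri):
    """Split a mailto: URI into recipients, allowed headers and dropped names.

    Header names are decoded and lower-cased *before* the allow-list check.
    Raises ValueError for non-mailto input or CR/LF inside a single-line header.
    """
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() != "mailto":
        raise ValueError("not a mailto URI")
    path, _, query = rest.partition("?")
    recipients = [unquote(addr) for addr in path.split(",") if addr]
    headers, dropped = {}, []
    for field in filter(None, query.split("&")):
        raw_name, _, raw_value = field.partition("=")
        name = unquote(raw_name).strip().lower()   # decode first, then compare
        value = unquote(raw_value)
        if name not in ALLOWED_HEADERS:
            dropped.append(name)                   # e.g. "attach": never forwarded
            continue
        if name != "body" and ("\r" in value or "\n" in value):
            raise ValueError("CR/LF in %s header" % name)   # header injection
        if name in ("to", "cc", "bcc"):
            headers.setdefault(name, []).extend(a for a in value.split(",") if a)
        else:
            headers[name] = value
    recipients += headers.pop("to", [])
    return {"to": recipients, "headers": headers, "dropped": dropped}


if __name__ == "__main__":
    # Constructed sample: looks like a plain link but carries an "attach" header.
    print(parse_mailto("mailto:alice@example.com?subject=Report&attach=%2Ftmp%2Freport.pdf"))
```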

Comment 2 Zack Miele 2022-12-06 15:53:58 UTC
Created xdg-utils tracking bugs for this issue:

Affects: fedora-all [bug 2151294]