Bug 2092416 (CVE-2022-1834) - CVE-2022-1834 Mozilla: Braille space character caused incorrect sender email to be shown for a digitally signed email
Summary: CVE-2022-1834 Mozilla: Braille space character caused incorrect sender email ...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-1834
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2089665 2089666 2089667 2089669 2089670 2089671 2089672 2089673 2089674 2091924
Blocks: 2089662
TreeView+ depends on / blocked
 
Reported: 2022-06-01 13:49 UTC by Mauro Matteo Cascella
Modified: 2022-06-07 08:58 UTC (History)
5 users (show)

Fixed In Version: thunderbird 91.10
Doc Type: ---
Doc Text:
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird displays all spaces. This flaw allows an attacker to send an email message with the attacker's digital signature that shows an arbitrary sender email address chosen by the attacker. If the sender's name started with a false email address, followed by many Braille space characters, the attacker's email address was not visible. Because Thunderbird compared the invisible sender address with the signature's email address, if Thunderbird accepted the signing key or certificate, the email was shown as having a valid digital signature.
Clone Of:
Environment:
Last Closed: 2022-06-03 20:42:52 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:4887 0 None None None 2022-06-03 12:45:48 UTC
Red Hat Product Errata RHSA-2022:4888 0 None None None 2022-06-03 12:22:14 UTC
Red Hat Product Errata RHSA-2022:4889 0 None None None 2022-06-02 23:46:57 UTC
Red Hat Product Errata RHSA-2022:4890 0 None None None 2022-06-03 15:36:09 UTC
Red Hat Product Errata RHSA-2022:4891 0 None None None 2022-06-03 01:48:00 UTC
Red Hat Product Errata RHSA-2022:4892 0 None None None 2022-06-03 15:25:15 UTC

Description Mauro Matteo Cascella 2022-06-01 13:49:17 UTC
When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown with an arbitrary sender email address chosen by the attacker. If the sender name started with a false email address, followed by many Braille space characters, the attacker's email address was not visible. Because Thunderbird compared the invisible sender address with the signature's email address, if the signing key or certificate was accepted by Thunderbird, the email was shown as having a valid digital signature.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-1834

Comment 1 errata-xmlrpc 2022-06-02 23:46:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:4889 https://access.redhat.com/errata/RHSA-2022:4889

Comment 2 errata-xmlrpc 2022-06-03 01:47:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:4891 https://access.redhat.com/errata/RHSA-2022:4891

Comment 3 errata-xmlrpc 2022-06-03 12:22:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:4888 https://access.redhat.com/errata/RHSA-2022:4888

Comment 4 errata-xmlrpc 2022-06-03 12:45:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:4887 https://access.redhat.com/errata/RHSA-2022:4887

Comment 5 errata-xmlrpc 2022-06-03 15:25:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:4892 https://access.redhat.com/errata/RHSA-2022:4892

Comment 6 errata-xmlrpc 2022-06-03 15:36:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:4890 https://access.redhat.com/errata/RHSA-2022:4890

Comment 7 Product Security DevOps Team 2022-06-03 20:42:50 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-1834


Note You need to log in before you can comment on or make changes to this bug.