An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an attacker performed a replay attack, in which an old email with old contents are resent at a later time, it could lead the victim to believe that the statements in the email are current. Fixed versions of Thunderbird will require that the signature's date roughly matches the displayed date of the email. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-2226
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:5478 https://access.redhat.com/errata/RHSA-2022:5478
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:5473 https://access.redhat.com/errata/RHSA-2022:5473
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5470 https://access.redhat.com/errata/RHSA-2022:5470
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:5475 https://access.redhat.com/errata/RHSA-2022:5475
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:5480 https://access.redhat.com/errata/RHSA-2022:5480
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5482 https://access.redhat.com/errata/RHSA-2022:5482
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-2226