Bug 2149868 (CVE-2022-45414) - CVE-2022-45414 Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content
Summary: CVE-2022-45414 Mozilla: Quoting from an HTML email with certain tags will tri...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-45414
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2151176 2151177 2151178 2151179 2151180 2151181 2151182 2151183 2151184 2151185 2151186
Blocks: 2149867
TreeView+ depends on / blocked
 
Reported: 2022-12-01 09:10 UTC by Mauro Matteo Cascella
Modified: 2023-01-09 15:59 UTC (History)
5 users (show)

Fixed In Version: thunderbird 102.5.1
Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: If a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of a configuration to block remote content, and an image loaded from the poster attribute was shown in the composer window. These issues could have given an attacker additional capabilities when targeting releases that did not yet have a fix for CVE-2022-3033.
Clone Of:
Environment:
Last Closed: 2022-12-16 11:17:59 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:9074 0 None None None 2022-12-15 16:27:45 UTC
Red Hat Product Errata RHSA-2022:9075 0 None None None 2022-12-15 16:17:46 UTC
Red Hat Product Errata RHSA-2022:9076 0 None None None 2022-12-15 16:18:17 UTC
Red Hat Product Errata RHSA-2022:9077 0 None None None 2022-12-15 16:15:50 UTC
Red Hat Product Errata RHSA-2022:9078 0 None None None 2022-12-15 16:25:26 UTC
Red Hat Product Errata RHSA-2022:9079 0 None None None 2022-12-15 16:28:11 UTC
Red Hat Product Errata RHSA-2022:9080 0 None None None 2022-12-15 16:24:18 UTC
Red Hat Product Errata RHSA-2022:9081 0 None None None 2022-12-15 16:27:19 UTC

Description Mauro Matteo Cascella 2022-12-01 09:10:08 UTC 
If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block remote content. An image loaded from the POSTER attribute was shown in the composer window. These issues could have given an attacker additional capabilities when targetting releases that did not yet have a fix for CVE-2022-3033 which was reported around three months ago.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-50/#CVE-2022-45414
Comment 1 errata-xmlrpc 2022-12-15 16:15:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:9077 https://access.redhat.com/errata/RHSA-2022:9077
Comment 2 errata-xmlrpc 2022-12-15 16:17:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:9075 https://access.redhat.com/errata/RHSA-2022:9075
Comment 3 errata-xmlrpc 2022-12-15 16:18:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2022:9076 https://access.redhat.com/errata/RHSA-2022:9076
Comment 4 errata-xmlrpc 2022-12-15 16:24:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:9080 https://access.redhat.com/errata/RHSA-2022:9080
Comment 5 errata-xmlrpc 2022-12-15 16:25:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2022:9078 https://access.redhat.com/errata/RHSA-2022:9078
Comment 6 errata-xmlrpc 2022-12-15 16:27:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2022:9081 https://access.redhat.com/errata/RHSA-2022:9081
Comment 7 errata-xmlrpc 2022-12-15 16:27:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:9074 https://access.redhat.com/errata/RHSA-2022:9074
Comment 8 errata-xmlrpc 2022-12-15 16:28:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:9079 https://access.redhat.com/errata/RHSA-2022:9079
Comment 9 Product Security DevOps Team 2022-12-16 11:17:57 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-45414
Note You need to log in before you can comment on or make changes to this bug.