Bug 2082037 (CVE-2022-1520) - CVE-2022-1520 Mozilla: Incorrect security status shown after viewing an attached email
Summary: CVE-2022-1520 Mozilla: Incorrect security status shown after viewing an attac...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-1520
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2079747 2079748 2079749 2079750 2079751 2079752 2079753 2079754 2079755
Blocks: 2079745
TreeView+ depends on / blocked
 
Reported: 2022-05-05 09:30 UTC by Mauro Matteo Cascella
Modified: 2022-05-18 05:15 UTC (History)
5 users (show)

Fixed In Version: thunderbird 91.9
Doc Type: ---
Doc Text:
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message might show the security status of message B.
Clone Of:
Environment:
Last Closed: 2022-05-18 05:15:57 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:1724 0 None None None 2022-05-05 13:32:23 UTC
Red Hat Product Errata RHSA-2022:1725 0 None None None 2022-05-05 14:32:14 UTC
Red Hat Product Errata RHSA-2022:1726 0 None None None 2022-05-05 13:59:49 UTC
Red Hat Product Errata RHSA-2022:1727 0 None None None 2022-05-05 13:48:20 UTC
Red Hat Product Errata RHSA-2022:1730 0 None None None 2022-05-05 14:03:06 UTC
Red Hat Product Errata RHSA-2022:4589 0 None None None 2022-05-18 01:27:08 UTC

Description Mauro Matteo Cascella 2022-05-05 09:30:23 UTC 
When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message A might be shown with the security status of message B.


External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-1520
Comment 1 errata-xmlrpc 2022-05-05 13:32:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:1724 https://access.redhat.com/errata/RHSA-2022:1724
Comment 2 errata-xmlrpc 2022-05-05 13:48:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:1727 https://access.redhat.com/errata/RHSA-2022:1727
Comment 3 errata-xmlrpc 2022-05-05 13:59:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:1726 https://access.redhat.com/errata/RHSA-2022:1726
Comment 4 errata-xmlrpc 2022-05-05 14:03:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1730 https://access.redhat.com/errata/RHSA-2022:1730
Comment 5 errata-xmlrpc 2022-05-05 14:32:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:1725 https://access.redhat.com/errata/RHSA-2022:1725
Comment 6 errata-xmlrpc 2022-05-18 01:27:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:4589 https://access.redhat.com/errata/RHSA-2022:4589
Comment 7 Product Security DevOps Team 2022-05-18 05:15:55 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-1520
Note You need to log in before you can comment on or make changes to this bug.