Bug 2143792 (CVE-2022-4055) - CVE-2022-4055 xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments
Summary: CVE-2022-4055 xdg-utils: improper parse of mailto URIs allows bypass of Thund...
Keywords:
Status: NEW
Alias: CVE-2022-4055
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2151294 2151303 2151304
Blocks: 2128075
Reported: 2022-11-17 21:17 UTC by Zack Miele
Modified: 2025-05-15 13:00 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System: Red Hat Product Errata
ID: RHSA-2025:7672
Private: 0
Priority: None
Status: None
Summary: None
Last Updated: 2025-05-15 13:00:00 UTC

Description Zack Miele 2022-11-17 21:17:55 UTC
When xdg-mail is configured to use Thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to Thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked.
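
One defensive way to handle the header problem described above, as an added example (not xdg-utils' own code or its fix): a mailto parser that keeps only the RFC 2368 header fields and reports every other field it dropped, so an unexpected field can be logged instead of being forwarded to the mail client. The sample URI in the test is constructed.

```python
from urllib.parse import quote, unquote

# Header fields that RFC 2368 defines for mailto URLs. Anything else
# (an 'attachment' field, for instance) is stripped rather than handed
# on to the mail client. Added example, not the xdg-utils fix.
SAFE_HEADERS = frozenset({"to", "cc", "bcc", "subject", "body"})


def parse_mailto(uri: str) -> tuple[dict[str, list[str]], list[str]]:
    """Return (kept_headers, dropped_field_names) for a mailto URI.

    Percent-decoding happens only after the URI has been split on the
    '?', '&' and '=' delimiters, so an encoded '&' or '=' inside a value
    cannot smuggle in a second field. Field names are decoded before the
    allowlist check, so an encoded name cannot slip past it either.
    """
    scheme, sep, rest = uri.partition(":")
    if scheme.lower() != "mailto" or not sep:
        raise ValueError("not a mailto URI")
    addr_part, _, query = rest.partition("?")
    kept: dict[str, list[str]] = {}
    dropped: list[str] = []
    if addr_part:
        kept["to"] = [unquote(a) for a in addr_part.split(",") if a]
    for field in filter(None, query.split("&")):
        raw_key, _, raw_value = field.partition("=")
        key = unquote(raw_key).strip().lower()
        if key not in SAFE_HEADERS:
            dropped.append(key)
            continue
        value = unquote(raw_value)
        if key != "body":
            # CR/LF belongs only in the body; elsewhere it would let a
            # field inject extra header lines into the composed message.
            value = value.replace("\r", " ").replace("\n", " ")
        kept.setdefault(key, []).append(value)
    return kept, dropped


def sanitize_mailto(uri: str) -> str:
    """Re-serialise the URI with only the allowlisted fields."""
    kept, _ = parse_mailto(uri)
    to = ",".join(quote(a, safe="@") for a in kept.pop("to", []))
    query = "&".join(
        f"{k}={quote(v, safe='')}" for k in sorted(kept) for v in kept[k]
    )
    return "mailto:" + to + ("?" + query if query else "")
```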

Comment 2 Zack Miele 2022-12-06 15:53:58 UTC
Created xdg-utils tracking bugs for this issue:

Affects: fedora-all [bug 2151294]

Comment 5 errata-xmlrpc 2025-05-15 12:59:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:7672 https://access.redhat.com/errata/RHSA-2025:7672

