Cybersecurity specialists reported the detection of multiple flaws in the Mozilla Thunderbird multiplatform email client, which successful exploitation would allow malicious hackers to perform several attack scenarios on target systems.
Below are brief descriptions of the reported flaws and their respective tracking key and scores assigned according to the Common Vulnerability Scoring System (CVSS).
CVE-2022-31736: An error while processing HTTP requests would allow malicious websites to extract the size of a cross-origin resource that supported Range requests, thus bypassing security restrictions on the target system.
This is a low-severity flaw and received a CVSS score of 3.8/10.
CVE-2022-31737: A boundary error in WebGL when processing HTML content would allow remote attackers to create specially crafted websites to trigger out-of-bounds writing and arbitrary code execution attacks targeting Thunderbird users.
This is a high-severity flaw and received a CVSS score of 7.7/10.
CVE-2022-31738: An error when exiting fullscreen mode may allow remote hackers to use an iframe and confuse the browser about its current screen state, thus allowing spoofing attacks.
The vulnerability received a CVSS score of 4.7/10, as it’s considered a medium severity issue.
CVE-2022-31739: An input validation error when saving downloaded files on Windows would allow remote attackers to use the “%” character in filename to store data outside the originally intended directory.
This is a medium-severity flaw and received a CVSS score of 5.7/10.
CVE-2022-31740: A boundary error related to register allocation problem in WASM on arm64 allows remote threat actors to run arbitrary code on the target system using a specially crafted website.
This is a high-severity flaw and received a CVSS score of 7.7/10.
CVE-2022-31741: A boundary error when processing HTML content would allow remote attackers to create a specially crafted webpage and run arbitrary code on the victim’s system.
The vulnerability received a CVSS score of 7.7/10, as it’s considered a high-severity issue.
CVE-2022-31742: An issue while handling a large number of allowCredential entries can allow remote malicious hackers to detect the difference between invalid key handles and cross-origin key handles using a specially crafted webpage.
This is a medium-severity flaw and received a CVSS score of 5.7/10.
CVE-2022-31747: A boundary error when processing HTML content would allow malicious hackers to create a specially crafted website and perform memory corruption and arbitrary code execution attacks.
This is a high-severity flaw and received a CVSS score of 7.7/10.
CVE-2022-1834: The incorrect processing of multiple Braille Pattern Blank space characters would result in displaying every space character, allowing threat actors to spoof senders’ email addresses.
The vulnerability received a CVSS score of 4.6/10, as it’s considered a medium severity issue.
Although these flaws can be exploited by remote, unauthenticated threat actors, no active exploit attempts or exploits have been detected for the attack. Still, Thunderbird users are advised to update to the latest version available to mitigate the risk of exploitation.
Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.