CVE-2022-45414

Published: Dec 22, 2022

Modified: Apr 15, 2025

PUBLISHED

Description

If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block remote content. An image loaded from the POSTER attribute was shown in the composer window. These issues could have given an attacker additional capabilities when targetting releases that did not yet have a fix for CVE-2022-3033 which was reported around three months ago. This vulnerability affects Thunderbird < 102.5.1.

Vendor	Product	Versions
Mozilla	Thunderbird	affected `unspecified - < 102.5.1`

References

https://www.mozilla.org/security/advisories/mfsa2022-50/

https://bugzilla.mozilla.org/show_bug.cgi?id=1788096

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-45414

Description

Affected Products

References