1. Home
  2. CVE Database
  3. CVE-2022-1520
MEDIUM · 4.3

CVE-2022-1520

When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening...

Vulnerability Description

When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message A might be shown with the security status of message B. This vulnerability affects Thunderbird < 91.9.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
MozillaThunderbird< 91.9

Related Weaknesses (CWE)

CWE-346

References

FAQ

What is CVE-2022-1520?

CVE-2022-1520 is a vulnerability with a CVSS score of 4.3 (MEDIUM). When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening...

How severe is CVE-2022-1520?

CVE-2022-1520 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-1520?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Thunderbird.