Vulnerabilities > CVE-2022-3034 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Thunderbird
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1745751
- https://bugzilla.mozilla.org/show_bug.cgi?id=1745751
- https://www.mozilla.org/security/advisories/mfsa2022-38/
- https://www.mozilla.org/security/advisories/mfsa2022-38/
- https://www.mozilla.org/security/advisories/mfsa2022-39/
- https://www.mozilla.org/security/advisories/mfsa2022-39/