Vulnerabilities > CVE-2022-3034 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Thunderbird

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
mozilla
CWE-1021
NVD
Published: 2022-12-22
Updated: 2022-12-30

Summary

When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.

Vulnerable Configurations

Part Description Count
Application
Mozilla
461

Common Weakness Enumeration (CWE)

References