Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-2s85-r5tn-wucn
Vulnerability ID VCID-2s85-r5tn-wucn
Aliases CVE-2022-31741
Summary Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-457 Use of Uninitialized Variable
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31741.json
epss 0.00266 https://api.first.org/data/v1/epss?cve=CVE-2022-31741
epss 0.00266 https://api.first.org/data/v1/epss?cve=CVE-2022-31741
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-31741
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-31741
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-31741
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-31741
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-31741
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-31741
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-31741
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2022-31741
epss 0.00329 https://api.first.org/data/v1/epss?cve=CVE-2022-31741
epss 0.00329 https://api.first.org/data/v1/epss?cve=CVE-2022-31741
epss 0.00329 https://api.first.org/data/v1/epss?cve=CVE-2022-31741
cvssv3.1 8.8 https://bugzilla.mozilla.org/show_bug.cgi?id=1767590
ssvc Track* https://bugzilla.mozilla.org/show_bug.cgi?id=1767590
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux High https://security.archlinux.org/AVG-2760
archlinux High https://security.archlinux.org/AVG-2761
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-20
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-21
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-22
cvssv3.1 8.8 https://www.mozilla.org/security/advisories/mfsa2022-20/
ssvc Track* https://www.mozilla.org/security/advisories/mfsa2022-20/
cvssv3.1 8.8 https://www.mozilla.org/security/advisories/mfsa2022-21/
ssvc Track* https://www.mozilla.org/security/advisories/mfsa2022-21/
cvssv3.1 8.8 https://www.mozilla.org/security/advisories/mfsa2022-22/
ssvc Track* https://www.mozilla.org/security/advisories/mfsa2022-22/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31741.json
https://api.first.org/data/v1/epss?cve=CVE-2022-31741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2092024 https://bugzilla.redhat.com/show_bug.cgi?id=2092024
AVG-2760 https://security.archlinux.org/AVG-2760
AVG-2761 https://security.archlinux.org/AVG-2761
GLSA-202208-08 https://security.gentoo.org/glsa/202208-08
GLSA-202208-14 https://security.gentoo.org/glsa/202208-14
mfsa2022-20 https://www.mozilla.org/en-US/security/advisories/mfsa2022-20
mfsa2022-20 https://www.mozilla.org/security/advisories/mfsa2022-20/
mfsa2022-21 https://www.mozilla.org/en-US/security/advisories/mfsa2022-21
mfsa2022-21 https://www.mozilla.org/security/advisories/mfsa2022-21/
mfsa2022-22 https://www.mozilla.org/en-US/security/advisories/mfsa2022-22
mfsa2022-22 https://www.mozilla.org/security/advisories/mfsa2022-22/
RHSA-2022:4870 https://access.redhat.com/errata/RHSA-2022:4870
RHSA-2022:4871 https://access.redhat.com/errata/RHSA-2022:4871
RHSA-2022:4872 https://access.redhat.com/errata/RHSA-2022:4872
RHSA-2022:4873 https://access.redhat.com/errata/RHSA-2022:4873
RHSA-2022:4875 https://access.redhat.com/errata/RHSA-2022:4875
RHSA-2022:4876 https://access.redhat.com/errata/RHSA-2022:4876
RHSA-2022:4887 https://access.redhat.com/errata/RHSA-2022:4887
RHSA-2022:4888 https://access.redhat.com/errata/RHSA-2022:4888
RHSA-2022:4889 https://access.redhat.com/errata/RHSA-2022:4889
RHSA-2022:4890 https://access.redhat.com/errata/RHSA-2022:4890
RHSA-2022:4891 https://access.redhat.com/errata/RHSA-2022:4891
RHSA-2022:4892 https://access.redhat.com/errata/RHSA-2022:4892
show_bug.cgi?id=1767590 https://bugzilla.mozilla.org/show_bug.cgi?id=1767590
USN-5475-1 https://usn.ubuntu.com/5475-1/
USN-5512-1 https://usn.ubuntu.com/5512-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31741.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1767590
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:58:38Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1767590
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2022-20/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:58:38Z/ Found at https://www.mozilla.org/security/advisories/mfsa2022-20/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2022-21/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:58:38Z/ Found at https://www.mozilla.org/security/advisories/mfsa2022-21/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2022-22/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:58:38Z/ Found at https://www.mozilla.org/security/advisories/mfsa2022-22/
Exploit Prediction Scoring System (EPSS)
Percentile 0.50074
EPSS Score 0.00266
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:58:35.271073+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202208-14 38.0.0