Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-6dgw-qbue-nqax

Summary

If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag
having the http-equiv="refresh" attribute, and the content attribute specifying an URL, then
Thunderbird started a network request to that URL, regardless of the configuration to block
remote content. In combination with certain other HTML elements and attributes in the email,
it was possible to execute JavaScript code included in the message in the context of the
message compose document. 
The JavaScript code was able to perform actions including, but probably not limited
to, read and modify the contents of the message compose document, including the quoted
original message, which could potentially contain the decrypted plaintext of encrypted data 
in the crafted email.
The contents could then be transmitted to the network, either to the URL specified in the META refresh tag,
or to a different URL, as the JavaScript code could modify the URL specified in the document.
This bug doesn't affect users who have changed the default Message Body display setting to
'simple html' or 'plain text'.

Aliases

alias	CVE-2022-3033

Fixed_packages

url	pkg:deb/debian/thunderbird@0?distro=trixie
purl	pkg:deb/debian/thunderbird@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:102.2.1-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:102.2.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.2.1-1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie

purl pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fqb-r5zb-a7dp

vulnerability	VCID-3a6f-173h-fqbz

vulnerability	VCID-3kv6-c148-nkhq

vulnerability	VCID-4e49-6tg2-e7d9

vulnerability	VCID-59d3-343b-e3aw

vulnerability	VCID-61r1-arbe-dke4

vulnerability	VCID-7jt2-zr49-7ye5

vulnerability	VCID-95et-ezmb-buau

vulnerability	VCID-9nbw-7c9e-13af

vulnerability	VCID-av7u-3g4m-mugm

vulnerability	VCID-bwth-uepr-z7a3

vulnerability	VCID-cjsm-7gxr-8ygw

vulnerability	VCID-d16s-p141-qbft

vulnerability	VCID-fxjm-ywug-f3d5

vulnerability	VCID-hk2m-rbdy-nqhc

vulnerability	VCID-ma29-qa7e-9qb4

vulnerability	VCID-nge1-4cvg-zqb2

vulnerability	VCID-nyum-jpbc-abew

vulnerability	VCID-p6yz-xs58-u3gm

vulnerability	VCID-pfmd-zv8f-8bfc

vulnerability	VCID-pszh-x9gd-xyg4

vulnerability	VCID-q689-wneh-hbdq

vulnerability	VCID-q8qp-5szp-mfe8

vulnerability	VCID-ruqn-mk9t-57hb

vulnerability	VCID-tv7r-qf2c-dqbm

vulnerability	VCID-ufku-v5vq-4yef

vulnerability	VCID-w98r-yagc-kkec

vulnerability	VCID-z6tm-b352-5uhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3a6f-173h-fqbz

vulnerability	VCID-4e49-6tg2-e7d9

vulnerability	VCID-pszh-x9gd-xyg4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3a6f-173h-fqbz

vulnerability	VCID-4e49-6tg2-e7d9

vulnerability	VCID-pszh-x9gd-xyg4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dw5-vpt8-zqbz

vulnerability	VCID-9ag7-z86d-nba9

vulnerability	VCID-qbzp-euvv-q7c7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fqb-r5zb-a7dp

vulnerability	VCID-3kv6-c148-nkhq

vulnerability	VCID-59d3-343b-e3aw

vulnerability	VCID-61r1-arbe-dke4

vulnerability	VCID-7jt2-zr49-7ye5

vulnerability	VCID-95et-ezmb-buau

vulnerability	VCID-9nbw-7c9e-13af

vulnerability	VCID-av7u-3g4m-mugm

vulnerability	VCID-bwth-uepr-z7a3

vulnerability	VCID-cjsm-7gxr-8ygw

vulnerability	VCID-d16s-p141-qbft

vulnerability	VCID-fxjm-ywug-f3d5

vulnerability	VCID-hk2m-rbdy-nqhc

vulnerability	VCID-ma29-qa7e-9qb4

vulnerability	VCID-nge1-4cvg-zqb2

vulnerability	VCID-nyum-jpbc-abew

vulnerability	VCID-p6yz-xs58-u3gm

vulnerability	VCID-pfmd-zv8f-8bfc

vulnerability	VCID-q689-wneh-hbdq

vulnerability	VCID-q8qp-5szp-mfe8

vulnerability	VCID-ruqn-mk9t-57hb

vulnerability	VCID-tv7r-qf2c-dqbm

vulnerability	VCID-w98r-yagc-kkec

vulnerability	VCID-z6tm-b352-5uhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3a6f-173h-fqbz

vulnerability	VCID-4e49-6tg2-e7d9

vulnerability	VCID-pszh-x9gd-xyg4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie

url	pkg:mozilla/Thunderbird@91.13.1
purl	pkg:mozilla/Thunderbird@91.13.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@91.13.1

url	pkg:mozilla/Thunderbird@102.2.1
purl	pkg:mozilla/Thunderbird@102.2.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@102.2.1

Affected_packages

url pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el8_1

purl pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el8_1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-135c-h34e-tye5

vulnerability	VCID-1jvh-anus-rfeg

vulnerability	VCID-4m2d-td6c-ukd4

vulnerability	VCID-6dgw-qbue-nqax

vulnerability	VCID-bxrh-7kwf-p3at

vulnerability	VCID-c5b5-beuj-z3gh

vulnerability	VCID-cw2e-p5x2-j7fu

vulnerability	VCID-kf1h-zg32-1yh4

vulnerability	VCID-mup7-wezz-gkgc

vulnerability	VCID-qy44-ubss-x7et

vulnerability	VCID-uvzd-dxhu-hydg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@102.3.0-3%3Farch=el8_1

url pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el9_0

purl pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el9_0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-135c-h34e-tye5

vulnerability	VCID-1jvh-anus-rfeg

vulnerability	VCID-4m2d-td6c-ukd4

vulnerability	VCID-6dgw-qbue-nqax

vulnerability	VCID-bxrh-7kwf-p3at

vulnerability	VCID-c5b5-beuj-z3gh

vulnerability	VCID-cw2e-p5x2-j7fu

vulnerability	VCID-kf1h-zg32-1yh4

vulnerability	VCID-mup7-wezz-gkgc

vulnerability	VCID-qy44-ubss-x7et

vulnerability	VCID-uvzd-dxhu-hydg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@102.3.0-3%3Farch=el9_0

url pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el8_4

purl pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el8_4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-135c-h34e-tye5

vulnerability	VCID-1jvh-anus-rfeg

vulnerability	VCID-4m2d-td6c-ukd4

vulnerability	VCID-6dgw-qbue-nqax

vulnerability	VCID-bxrh-7kwf-p3at

vulnerability	VCID-c5b5-beuj-z3gh

vulnerability	VCID-cw2e-p5x2-j7fu

vulnerability	VCID-kf1h-zg32-1yh4

vulnerability	VCID-mup7-wezz-gkgc

vulnerability	VCID-qy44-ubss-x7et

vulnerability	VCID-uvzd-dxhu-hydg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@102.3.0-3%3Farch=el8_4

url pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el8_6

purl pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el8_6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-135c-h34e-tye5

vulnerability	VCID-1jvh-anus-rfeg

vulnerability	VCID-4m2d-td6c-ukd4

vulnerability	VCID-6dgw-qbue-nqax

vulnerability	VCID-bxrh-7kwf-p3at

vulnerability	VCID-c5b5-beuj-z3gh

vulnerability	VCID-cw2e-p5x2-j7fu

vulnerability	VCID-kf1h-zg32-1yh4

vulnerability	VCID-mup7-wezz-gkgc

vulnerability	VCID-qy44-ubss-x7et

vulnerability	VCID-uvzd-dxhu-hydg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@102.3.0-3%3Farch=el8_6

url pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el8_2

purl pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el8_2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-135c-h34e-tye5

vulnerability	VCID-1jvh-anus-rfeg

vulnerability	VCID-4m2d-td6c-ukd4

vulnerability	VCID-6dgw-qbue-nqax

vulnerability	VCID-bxrh-7kwf-p3at

vulnerability	VCID-c5b5-beuj-z3gh

vulnerability	VCID-cw2e-p5x2-j7fu

vulnerability	VCID-kf1h-zg32-1yh4

vulnerability	VCID-mup7-wezz-gkgc

vulnerability	VCID-qy44-ubss-x7et

vulnerability	VCID-uvzd-dxhu-hydg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@102.3.0-3%3Farch=el8_2

url pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el7_9

purl pkg:rpm/redhat/thunderbird@102.3.0-3?arch=el7_9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-135c-h34e-tye5

vulnerability	VCID-1jvh-anus-rfeg

vulnerability	VCID-4m2d-td6c-ukd4

vulnerability	VCID-6dgw-qbue-nqax

vulnerability	VCID-bxrh-7kwf-p3at

vulnerability	VCID-c5b5-beuj-z3gh

vulnerability	VCID-cw2e-p5x2-j7fu

vulnerability	VCID-kf1h-zg32-1yh4

vulnerability	VCID-mup7-wezz-gkgc

vulnerability	VCID-qy44-ubss-x7et

vulnerability	VCID-uvzd-dxhu-hydg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@102.3.0-3%3Farch=el7_9

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3033.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3033.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3033

reference_id

reference_type

scores

value	0.00742
scoring_system	epss
scoring_elements	0.73137
published_at	2026-05-14T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.73007
published_at	2026-04-21T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.73047
published_at	2026-04-24T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.73057
published_at	2026-04-26T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.73054
published_at	2026-04-29T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.73048
published_at	2026-05-05T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.73076
published_at	2026-05-07T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.73098
published_at	2026-05-09T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.73058
published_at	2026-05-11T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.73082
published_at	2026-05-12T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.72917
published_at	2026-04-02T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.72937
published_at	2026-04-04T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.72912
published_at	2026-04-07T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.7295
published_at	2026-04-08T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.72964
published_at	2026-04-09T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.72989
published_at	2026-04-11T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.72969
published_at	2026-04-12T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.72962
published_at	2026-04-13T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.73004
published_at	2026-04-16T12:55:00Z

value	0.00742
scoring_system	epss
scoring_elements	0.73014
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3033

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2123256
reference_id	2123256
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2123256

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-38

reference_id

mfsa2022-38

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-38

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-38/

reference_id

mfsa2022-38

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T16:16:03Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-38/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-39

reference_id

mfsa2022-39

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2022-39

reference_url

https://www.mozilla.org/security/advisories/mfsa2022-39/

reference_id

mfsa2022-39

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T16:16:03Z/

url

https://www.mozilla.org/security/advisories/mfsa2022-39/

reference_url	https://access.redhat.com/errata/RHSA-2022:6708
reference_id	RHSA-2022:6708
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6708

reference_url	https://access.redhat.com/errata/RHSA-2022:6710
reference_id	RHSA-2022:6710
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6710

reference_url	https://access.redhat.com/errata/RHSA-2022:6713
reference_id	RHSA-2022:6713
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6713

reference_url	https://access.redhat.com/errata/RHSA-2022:6715
reference_id	RHSA-2022:6715
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6715

reference_url	https://access.redhat.com/errata/RHSA-2022:6716
reference_id	RHSA-2022:6716
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6716

reference_url	https://access.redhat.com/errata/RHSA-2022:6717
reference_id	RHSA-2022:6717
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6717

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1784838

reference_id

show_bug.cgi?id=1784838

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T16:16:03Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1784838

reference_url	https://usn.ubuntu.com/5663-1/
reference_id	USN-5663-1
reference_type
scores
url	https://usn.ubuntu.com/5663-1/

Weaknesses

cwe_id	200
name	Exposure of Sensitive Information to an Unauthorized Actor
description	The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6dgw-qbue-nqax

Vulnerability Instance