VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-zk96-6fx4-aaas

Essentials
Severities (102)
References (27)
Severity details (10)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-zk96-6fx4-aaas
Aliases	CVE-2022-1834
Summary	When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown with an arbitrary sender email address chosen by the attacker. If the sender name started with a false email address, followed by many Braille space characters, the attacker's email address was not visible. Because Thunderbird compared the invisible sender address with the signature's email address, if the signing key or certificate was accepted by Thunderbird, the email was shown as having a valid digital signature. This vulnerability affects Thunderbird < 91.10.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-295	Improper Certificate Validation
CWE-349	Acceptance of Extraneous Untrusted Data With Trusted Data

System	Score	Found at
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4887
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4888
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4889
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4890
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4891
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4892
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1834.json
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
epss	0.00433	https://api.first.org/data/v1/epss?cve=CVE-2022-1834
cvssv3.1	6.5	https://bugzilla.mozilla.org/show_bug.cgi?id=1767816
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=1767816
rhbs	high	https://bugzilla.redhat.com/show_bug.cgi?id=2092416
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3	6.5	https://nvd.nist.gov/vuln/detail/CVE-2022-1834
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2022-1834
archlinux	High	https://security.archlinux.org/AVG-2761
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2022-22
cvssv3.1	6.5	https://www.mozilla.org/security/advisories/mfsa2022-22/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2022-22/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1834.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-1834
		https://bugzilla.mozilla.org/show_bug.cgi?id=1767816
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://www.mozilla.org/security/advisories/mfsa2022-22/
2092416		https://bugzilla.redhat.com/show_bug.cgi?id=2092416
AVG-2761		https://security.archlinux.org/AVG-2761
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
CVE-2022-1834		https://nvd.nist.gov/vuln/detail/CVE-2022-1834
mfsa2022-22		https://www.mozilla.org/en-US/security/advisories/mfsa2022-22
RHSA-2022:4887		https://access.redhat.com/errata/RHSA-2022:4887
RHSA-2022:4888		https://access.redhat.com/errata/RHSA-2022:4888
RHSA-2022:4889		https://access.redhat.com/errata/RHSA-2022:4889
RHSA-2022:4890		https://access.redhat.com/errata/RHSA-2022:4890
RHSA-2022:4891		https://access.redhat.com/errata/RHSA-2022:4891
RHSA-2022:4892		https://access.redhat.com/errata/RHSA-2022:4892
USN-5512-1		https://usn.ubuntu.com/5512-1/

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1834.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1767816

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:15:11Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1767816

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1834

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1834

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://www.mozilla.org/security/advisories/mfsa2022-22/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:15:11Z/ Found at https://www.mozilla.org/security/advisories/mfsa2022-22/

Exploit Prediction Scoring System (EPSS)

Percentile	0.25643
EPSS Score	0.00105
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.