CVE-2022-3155
Public on 2022-12-16
Modified on 2025-04-04
Description
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that Thunderbird did not set the attribute com.apple.quarantine on the received file when saving or opening an email attachment on macOS. If the received file was an application and the user attempted to open it, the application was started immediately without asking the user to confirm.
Severity
Low
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| HAQM Linux 2 - Core | thunderbird | 2023-02-17 | ALAS2-2023-1951 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| HAQM Linux | CVSSv3 | 5.3 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L |
| NVD | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |