CVE-2022-0566 An attacker can write 1 byte outside of Thunderbird's bounds to exploit this vulnerability.

An attacker could craft a malicious email message that would cause Thunderbird to write a single byte past the end of the intended buffer when processing the message. This could result in the execution of code with higher privileges than intended by the vulnerable application. While this issue could manifest itself in many ways, it is likely to happen when processing email messages that contain HTML content. End users are advised to apply appropriate caution when sending email messages that contain URLs or other potentially sensitive information. An attacker may be able to use this issue to execute code on the user's computer.

Alert your users to the vulnerability

If you are using Thunderbird, you should update to a newer version of Thunderbird.
You can also block HTML messages from being sent or opened in Thunderbird by downloading the patch for CVE-2022-0566.

Vulnerable packages:

Thunderbird 38.3, Thunderbird 38.1
The following packages are affected: thunderbird, thunderbird-bin, thunderbird-enigmail

CVE-2022-0567

An attacker could craft a malicious email message that would cause Thunderbird to write a single byte past the end of the intended buffer when processing the message. This could result in the execution of code with higher privileges than intended by the vulnerable application. While this issue could manifest itself in many ways, it is likely to happen when processing email messages that contain HTML content. End users are advised to apply appropriate caution when sending email messages that contain URLs or other potentially sensitive information. An attacker may be able to use this issue to execute code on the user's computer.

Vulnerability Details

The vulnerability is caused by a single byte that is written past the end of the buffer when processing an email message with HTML content. It's possible for the vulnerable application to write a single byte past the end of the intended buffer, resulting in execution of code with higher privileges than intended.
The vulnerability is being tracked as CVE-2022-0566.

Timeline

Published on: 12/22/2022 20:15:00 UTC
Last modified on: 12/29/2022 18:15:00 UTC

References