vulnerability
Oracle Linux: CVE-2022-3032: ELSA-2022-6708: thunderbird security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Aug 31, 2022 | Sep 29, 2022 | Dec 3, 2025 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Aug 31, 2022
Added
Sep 29, 2022
Modified
Dec 3, 2025
Description
When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when receiving an HTML email that contained an `iframe` element, which used a `srcdoc` attribute to define the internal HTML document, remote objects specified in the nested document (for example, images or videos), were not blocked. Rather, the network was accessed, and the objects were loaded and displayed.
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when receiving an HTML email that contained an `iframe` element, which used a `srcdoc` attribute to define the internal HTML document, remote objects specified in the nested document (for example, images or videos), were not blocked. Rather, the network was accessed, and the objects were loaded and displayed.
Solution
oracle-linux-upgrade-thunderbird
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.