{ "document": { "aggregate_severity": { "text": "High" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/vex/2022/cve-2022-45414-els_os-almalinux9_2esu.json" } ], "tracking": { "current_release_date": "2026-05-27T14:32:16Z", "generator": { "date": "2026-05-27T14:32:16Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2022-45414-ELS_OS-ALMALINUX9.2ESU", "initial_release_date": "2022-12-22T20:15:00Z", "revision_history": [ { "date": "2022-12-22T20:15:00Z", "number": "1", "summary": "Initial version" }, { "date": "2026-05-27T14:32:16Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "Security update on CVE-2022-45414" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "AlmaLinux 9.2", "product": { "name": "AlmaLinux 9.2", "product_id": "AlmaLinux-9.2", "product_identification_helper": { "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "AlmaLinux" }, { "branches": [ { "category": "product_version", "name": "thunderbird-0:115.4.1-1.el9_2.alma.x86_64", "product": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.x86_64", "product_id": "thunderbird-0:115.4.1-1.el9_2.alma.x86_64", "product_identification_helper": { "purl": "pkg:rpm/almalinux/thunderbird@115.4.1-1.el9_2.alma?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64", "product": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64", "product_id": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/thunderbird@115.4.1-1.el9_2.alma.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els4.x86_64", "product": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els4.x86_64", "product_id": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/thunderbird@115.4.1-1.el9_2.alma.tuxcare.els4?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64", "product": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64", "product_id": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/thunderbird@115.4.1-1.el9_2.alma.tuxcare.els3?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64" }, "product_reference": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els4.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els4.x86_64" }, "product_reference": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els4.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" }, "product_reference": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.x86_64" }, "product_reference": "thunderbird-0:115.4.1-1.el9_2.alma.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-45414", "notes": [ { "category": "description", "text": "If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block remote content. An image loaded from the POSTER attribute was shown in the composer window. These issues could have given an attacker additional capabilities when targetting releases that did not yet have a fix for CVE-2022-3033 which was reported around three months ago. This vulnerability affects Thunderbird < 102.5.1.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els4.x86_64" ], "known_affected": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-45414" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1788096", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1788096" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2022-50/", "url": "https://www.mozilla.org/security/advisories/mfsa2022-50/" } ], "release_date": "2022-12-22T20:15:00Z", "remediations": [ { "category": "none_available", "date": "2026-05-21T10:07:53.805777Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els4.x86_64", "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }