CVE-2022-1197

Published: Dec 22, 2022Modified: Apr 16, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. Revocation statements that used another revocation reason, or that didn't specify a revocation reason, were unaffected. This vulnerability affects Thunderbird < 91.8.

Affected (1)

Products: Mozilla: Thunderbird

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Thunderbird	Before 91.8

Related CWEs

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (4)

https://bugzilla.mozilla.org/show_bug.cgi?id=1754985

Source: security@mozilla.org

Issue TrackingPermissions RequiredVendor Advisory

https://www.mozilla.org/security/advisories/mfsa2022-15/

Source: security@mozilla.org

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1754985

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPermissions RequiredVendor Advisory

https://www.mozilla.org/security/advisories/mfsa2022-15/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.