CVE-2022-3155

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-3155

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3155.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-3155

Downstream

SUSE-SU-2022:3800-1

openSUSE-SU-2024:12358-1

Related

Withdrawn

2026-05-04T08:39:01.175266Z

Published

2022-12-22T20:15:38.313Z

Modified

2026-05-04T08:39:01.175266Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm. This vulnerability affects Thunderbird < 102.3.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "102.3"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3155.json"