CVE-2022-0566
Publication date 18 February 2022
Last updated 25 August 2025
Ubuntu priority
Description
It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird < 91.6.1.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| thunderbird | ||
| 22.04 LTS jammy |
Fixed 1:91.6.1+build1-0ubuntu1
|
|
| 20.04 LTS focal |
Fixed 1:91.7.0+build2-0ubuntu0.20.04.1
|
|
| 18.04 LTS bionic |
Fixed 1:91.7.0+build2-0ubuntu0.18.04.1
|
|
| 16.04 LTS xenial | Ignored end of standard support | |
| 14.04 LTS trusty | Ignored end of standard support |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.8 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-5345-1
- Thunderbird vulnerabilities
- 23 March 2022