When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2022-11-18T00:00:00
Updated: 2024-08-03T01:27:54.165Z
Reserved: 2022-11-17T00:00:00
Link: CVE-2022-4055
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-11-19T00:15:31.003
Modified: 2024-11-21T07:34:31.363
Link: CVE-2022-4055
Redhat