October 2, 2022

Mozilla Releases Security Update for Thunderbird

Mozilla has released a security update to address a vulnerability in Thunderbird.

An attacker could exploit this vulnerability to take control of an affected system.

The newly released Thunderbird version is 102.3.1.

The High-severity Vulnerabilities

• CVE-2022-39249, High severity – Matrix Chat Protocol Vulnerability, a malicious server administrator could fake encrypted messages to look as if they were sent from another user on that server.
• CVE-2022-39250, High severity – Matrix Chat Protocol Vulnerability, a malicious server administrator could interfere with cross-device verification to authenticate their own device.
• CVE-2022-39251, High severity – Matrix Chat Protocol Vulnerability, An adversary could spoof historical messages from other users. Additionally, a malicious key backup to the user’s account under certain unusual conditions in order to exfiltrate message keys.

Affected Products

Thunderbird versions prior to 102.3.1

Mitigation

CYREBRO recommends using this product to update Thunderbird to version 102.3.1.

References: Mozilla Advisory