{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T15:46:26.432","vulnerabilities":[{"cve":{"id":"CVE-2022-2226","sourceIdentifier":"security@mozilla.org","published":"2022-12-22T20:15:27.540","lastModified":"2025-04-15T15:15:58.053","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an attacker performed a replay attack, in which an old email with old contents are resent at a later time, it could lead the victim to believe that the statements in the email are current. Fixed versions of Thunderbird will require that the signature's date roughly matches the displayed date of the email. This vulnerability affects Thunderbird < 102 and Thunderbird < 91.11."},{"lang":"es","value":"Una firma digital OpenPGP incluye información sobre la fecha en que se creó la firma. Al mostrar un correo electrónico que contiene una firma digital, se mostrará la fecha del correo electrónico. Si las fechas eran diferentes, entonces Thunderbird no informó que el correo electrónico tuviera una firma no válida. Si un atacante realizó un ataque de repetición, en el que un correo electrónico antiguo con contenido antiguo se reenvía más adelante, podría hacer que la víctima crea que las declaraciones en el correo electrónico son actuales. Las versiones fijas de Thunderbird requerirán que la fecha de la firma coincida aproximadamente con la fecha mostrada en el correo electrónico. Esta vulnerabilidad afecta a Thunderbird &lt; 102 y Thunderbird &lt; 91.11."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-294"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-294"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"91.11","matchCriteriaId":"897D6E98-A21E-4D5A-A4E8-64073F667C0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:thunderbird:101.0:*:*:*:*:*:*:*","matchCriteriaId":"A216EBB0-80B9-4D77-8D82-6E073A21E2EF"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1775441","source":"security@mozilla.org","tags":["Issue Tracking","Permissions Required","Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2022-26/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1775441","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Permissions Required","Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2022-26/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}