

Rewterz Threat Advisory –CVE-2022-30190: Follina MSDT Zero Day – Active IOCs
October 3, 2022
Rewterz Threat Alert – STOP/DJVU Ransomware – Active IOCs
October 3, 2022
Severity
High
Analysis Summary
CVE-2022-39251 CVSS:8.6
Matrix Javascript SDK could allow a remote attacker to bypass security restrictions, caused by Olm/Megolm protocol confusion. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user.
CVE-2022-39250 CVSS:8.6
matrix-js-sdk could allow a remote attacker to bypass security restrictions, caused by key/device identifier confusion in SAS verification. By sending a specially-crafted request, an attacker could exploit this vulnerability to interfere with the verification flow between two users, and inject their own cross-signing user identity in place of one of the users’ identities.
CVE-2022-39249 CVSS:7.5
Matrix Javascript SDK could allow a remote attacker to bypass security restrictions, caused by matrix-js-sdk implementing an overly permissive key forwarding strategy on the receiving end. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform an impersonation attack.
CVE-2022-39236 CVSS:4.3
Matrix Javascript SDK is vulnerable to a denial of service, caused by improper beacon events. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to impact the consumer’s ability to process data safely.
Impact
- Security Bypass
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2022-39251
- CVE-2022-39250
- CVE-2022-39249
- CVE-2022-39236
Affected Vendors
Mozilla
Affected Products
- matrix.org Matrix Javascript SDK 19.6.0
- matrix.org Matrix Javascript SDK 17.1.0-rc.1
- matrix.org Matrix Javascript SDK 17.1.0
- Thunderbird 102.3.1
Remediation
Refer to the Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.
Mozilla Foundation Security Advisory