CVE-2022-1520: 
NixOS vulnerability analysis and mitigation

CVE-2022-1520 is a security vulnerability discovered in Mozilla Thunderbird that affects the email security status display functionality. The vulnerability was disclosed and fixed in Thunderbird version 91.9, released on May 3, 2022. The issue affects the way Thunderbird handles the display of security status for encrypted or digitally signed email attachments (Mozilla Advisory, Red Hat).

When a user views an email message (A) containing an attached message (B) that is encrypted or digitally signed or both, Thunderbird may display an incorrect encryption or signature status. Specifically, after opening and viewing the attached message B and returning to message A, message A might incorrectly show the security status of message B. The vulnerability has been assigned a low severity impact rating by the Thunderbird security team (Mozilla Advisory).

The primary impact of this vulnerability is the potential for users to be misled about the security status of email messages. This could result in users making incorrect assumptions about the encryption or signature status of their emails, potentially leading to security misunderstandings. However, the overall impact is considered low as it does not directly lead to code execution or data compromise (Mozilla Advisory).

The vulnerability has been fixed in Thunderbird version 91.9. Users are advised to update their Thunderbird installation to this version or later. For Red Hat Enterprise Linux users, updated packages have been released through the official channels. All running instances of Thunderbird must be restarted for the update to take effect (Red Hat).