Errata ALT-PU-2023-1214-1: Information

Package name: thunderbird
Version: 102.7.1-alt1
Bulletin updated: Feb. 9, 2023
Task: #314605

Fixes

Published: Jan. 23, 2023

BDU:2023-00529

Уязвимость почтового клиента Thunderbird, связанная с ошибками при проверке подписи S/Mime OSCP-сертификата, позволяющая нарушителю реализовать спуфинг атаку
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: June 2, 2023
Modified: June 9, 2023

CVE-2023-0430

Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird < 102.7.1.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Links:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top