Package thunderbird updated to version 102.7.1-alt1 for branch p10 in task 314605.

Published: 2023-01-23

BDU:2023-00529

Уязвимость почтового клиента Thunderbird, связанная с ошибками при проверке подписи S/Mime OSCP-сертификата, позволяющая нарушителю реализовать спуфинг атаку

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2023-0430
MFSA 2023-04

Published: 2023-06-02
Modified: 2025-01-10

CVE-2023-0430

Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird < 102.7.1.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

https://bugzilla.mozilla.org/show_bug.cgi?id=1769000
https://bugzilla.mozilla.org/show_bug.cgi?id=1769000
https://bugzilla.mozilla.org/show_bug.cgi?id=1769000
https://www.mozilla.org/security/advisories/mfsa2023-04/
https://www.mozilla.org/security/advisories/mfsa2023-04/

Version: 2.1.0

Package thunderbird update in p10 on 2023-02-09

ALT-PU-2023-1214-1

Closed vulnerabilities

BDU:2023-00529

CVE-2023-0430