All errata/sisyphus_riscv64/ALT-PU-2023-2452-1
ALT-PU-2023-2452-1

Package update thunderbird in branch sisyphus_riscv64

Version102.7.1-alt0.1.rv64
Task#0
Published2023-02-06
Max severityCRITICAL
Severity:

Closed issues (2)

BDU:2023-00529
CRITICAL9.8

Уязвимость почтового клиента Thunderbird, связанная с ошибками при проверке подписи S/Mime OSCP-сертификата, позволяющая нарушителю реализовать спуфинг атаку

Published: 2023-02-02Modified: 2024-09-24
CVSS 3.xCRITICAL 9.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
CVE-2023-0430
MEDIUM6.5

Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird < 102.7.1.

Published: 2023-06-02Modified: 2025-01-10
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References