Описание
OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10.
The Mozilla Foundation Security Advisory describes this flaw as:
OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug.
Отчет
Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | thunderbird | Out of support scope | ||
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2023:1806 | 17.04.2023 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2023:1802 | 17.04.2023 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | thunderbird | Fixed | RHSA-2023:1803 | 17.04.2023 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | thunderbird | Fixed | RHSA-2023:1805 | 17.04.2023 |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | thunderbird | Fixed | RHSA-2023:1805 | 17.04.2023 |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | thunderbird | Fixed | RHSA-2023:1805 | 17.04.2023 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | thunderbird | Fixed | RHSA-2023:1804 | 17.04.2023 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | thunderbird | Fixed | RHSA-2023:1811 | 17.04.2023 |
| Red Hat Enterprise Linux 9 | thunderbird | Fixed | RHSA-2023:1809 | 17.04.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10.
OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10.
OCSP revocation status of recipient certificates was not checked when ...
OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10.
Уязвимость реализации протокола S/MIME почтового клиента Thunderbird , позволяющая нарушителю обойти существующие ограничения безопасности и получить несанкционированный доступ к защищаемой информации
EPSS
7.5 High
CVSS3