Description
When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6.
The Mozilla Foundation Security Advisory: When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message.
Statement
Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | thunderbird | Out of support scope | | |
Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2024:0027 | 02.01.2024 |
Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2024:0003 | 02.01.2024 |
Red Hat Enterprise Linux 8.2 Advanced Update Support | thunderbird | Fixed | RHSA-2024:0030 | 02.01.2024 |
Red Hat Enterprise Linux 8.2 Telecommunications Update Service | thunderbird | Fixed | RHSA-2024:0030 | 02.01.2024 |
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | thunderbird | Fixed | RHSA-2024:0030 | 02.01.2024 |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | thunderbird | Fixed | RHSA-2024:0028 | 02.01.2024 |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | thunderbird | Fixed | RHSA-2024:0028 | 02.01.2024 |
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | thunderbird | Fixed | RHSA-2024:0028 | 02.01.2024 |
Red Hat Enterprise Linux 8.6 Extended Update Support | thunderbird | Fixed | RHSA-2024:0005 | 02.01.2024 |
Additional information
CVSS3: 7.5 High
Related vulnerabilities
A vulnerability in the Thunderbird mail client, related to errors in processing OpenPGP cryptographic signatures, that allows an attacker to carry out a spoofing attack