Описание
An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an attacker performed a replay attack, in which an old email with old contents are resent at a later time, it could lead the victim to believe that the statements in the email are current. Fixed versions of Thunderbird will require that the signature's date roughly matches the displayed date of the email. This vulnerability affects Thunderbird < 102 and Thunderbird < 91.11.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:91.11.0+build2-0ubuntu0.18.04.1 |
| devel | not-affected | 1:91.11.0+build1-0ubuntu1 |
| esm-infra/focal | DNE | |
| focal | released | 1:91.11.0+build2-0ubuntu0.20.04.1 |
| impish | released | 1:91.11.0+build2-0ubuntu0.21.10.1 |
| jammy | released | 1:91.11.0+build2-0ubuntu0.22.04.1 |
| kinetic | not-affected | 1:91.11.0+build1-0ubuntu1 |
| lunar | not-affected | 1:91.11.0+build1-0ubuntu1 |
| trusty | ignored | end of standard support, was needs-triage |
| upstream | released | 91.11 |
Показывать по
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an attacker performed a replay attack, in which an old email with old contents are resent at a later time, it could lead the victim to believe that the statements in the email are current. Fixed versions of Thunderbird will require that the signature's date roughly matches the displayed date of the email. This vulnerability affects Thunderbird < 102 and Thunderbird < 91.11.
An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an attacker performed a replay attack, in which an old email with old contents are resent at a later time, it could lead the victim to believe that the statements in the email are current. Fixed versions of Thunderbird will require that the signature's date roughly matches the displayed date of the email. This vulnerability affects Thunderbird < 102 and Thunderbird < 91.11.
An OpenPGP digital signature includes information about the date when ...
An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an attacker performed a replay attack, in which an old email with old contents are resent at a later time, it could lead the victim to believe that the statements in the email are current. Fixed versions of Thunderbird will require that the signature's date roughly matches the displayed date of the email. This vulnerability affects Thunderbird < 102 and Thunderbird < 91.11.
Уязвимость почтового клиента Thunderbird, связанная отсутствием сопоставления даты цифровой подписи OpenPGP и даты электронного письма, позволяющая нарушителю выполнить спуфинговую атаку
EPSS
6.5 Medium
CVSS3