Описание
OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:102.10.0+build2-0ubuntu0.18.04.1 |
| devel | not-affected | 1:102.10.0+build2-0ubuntu1 |
| esm-infra/focal | DNE | |
| focal | released | 1:102.10.0+build2-0ubuntu0.20.04.1 |
| jammy | released | 1:102.10.0+build2-0ubuntu0.22.04.1 |
| kinetic | released | 1:102.10.0+build2-0ubuntu0.22.10.1 |
| lunar | not-affected | 1:102.10.0+build2-0ubuntu1 |
| trusty | ignored | end of standard support |
| upstream | needs-triage | |
| xenial | ignored | end of standard support |
Показывать по
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10.
OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10.
OCSP revocation status of recipient certificates was not checked when ...
OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10.
Уязвимость реализации протокола S/MIME почтового клиента Thunderbird , позволяющая нарушителю обойти существующие ограничения безопасности и получить несанкционированный доступ к защищаемой информации
EPSS
6.5 Medium
CVSS3