Описание
The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird < 115.6.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | not-affected | 1:115.6.0+build2-0ubuntu1 |
| esm-infra/focal | DNE | |
| focal | released | 1:115.6.0+build2-0ubuntu0.20.04.1 |
| jammy | released | 1:115.6.0+build2-0ubuntu0.22.04.1 |
| lunar | released | 1:115.6.0+build2-0ubuntu0.23.04.1 |
| mantic | released | 1:115.6.0+build2-0ubuntu0.23.10.1 |
| trusty | ignored | end of standard support |
| upstream | released | 1:115.6.0-1 |
| xenial | ignored | end of standard support |
Показывать по
EPSS
4.3 Medium
CVSS3
Связанные уязвимости
The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird < 115.6.
The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird < 115.6.
The signature of a digitally signed S/MIME email message may optionall ...
The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird < 115.6.
Уязвимость реализации стандарта шифрования S/MIME (Secure/Multipurpose Internet Mail Extensions) почтового клиента Thunderbird, позволяющая нарушителю оказать воздействие конфиденциальность, целостность и доступность защищаемой информации
EPSS
4.3 Medium
CVSS3