Описание
When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | not-affected | 1:115.6.0+build2-0ubuntu1 |
| esm-infra/focal | DNE | |
| focal | released | 1:115.6.0+build2-0ubuntu0.20.04.1 |
| jammy | released | 1:115.6.0+build2-0ubuntu0.22.04.1 |
| lunar | released | 1:115.6.0+build2-0ubuntu0.23.04.1 |
| mantic | released | 1:115.6.0+build2-0ubuntu0.23.10.1 |
| trusty | ignored | end of standard support |
| upstream | released | 1:115.6.0-1 |
| xenial | ignored | end of standard support |
Показывать по
EPSS
4.3 Medium
CVSS3
Связанные уязвимости
When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6.
When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6.
When processing a PGP/MIME payload that contains digitally signed text ...
When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6.
Уязвимость почтового клиента Thunderbird, связанная с ошибками обработки криптографической подписи OpenPGP, позволяющая нарушителю осуществить спуфинг-атаку
EPSS
4.3 Medium
CVSS3