Описание
When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-infra/focal | DNE | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | released | 1:128.12.0+build1-0ubuntu0.22.04.1 |
| noble | not-affected | 2:1snap1-0ubuntu3 |
| oracular | not-affected | |
| plucky | not-affected | |
| upstream | released | 1:128.8.0esr-1 |
Показывать по
Ссылки на источники
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8.
When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8.
When requesting an OpenPGP key from a WKD server, an incorrect padding ...
When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8.
Уязвимость почтового клиента Thunderbird, связанная с некорректным импортом ключа OpenPGP с сервера WKD, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
5.3 Medium
CVSS3