Lucene search

K

GoogleOSV:RLSA-2023:0608

HistoryFeb 06, 2023 - 7:23 p.m.

Important: thunderbird security update

2023-02-0619:23:17

Google

osv.dev

5

mozilla thunderbird

security update

s/mime signature

cve-2023-0430

mail client

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.7%

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.7.1.

Security Fix(es):

Mozilla: Revocation status of S/Mime signature certificates was not checked (CVE-2023-0430)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

bugzilla.redhat.com/show_bug.cgi?id=2166591

errata.rockylinux.org/RLSA-2023:0608

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.7%

Related for OSV:RLSA-2023:0608

osv6 redhat8 cve1 nessus27 veracode1 oraclelinux3 openvas9 nvd1 redhatcve1 debiancve1 ubuntucve1 almalinux2 altlinux1 cvelist1 rocky2 kaspersky1 mozilla1 centos1 slackware1 prion1 mageia1 debian2 ubuntu1 amazon1