Lucene search

K

Redhat.comRH:CVE-2023-50761

HistoryDec 20, 2023 - 1:33 p.m.

CVE-2023-50761

2023-12-2013:33:22

redhat.com

access.redhat.com

16

mozilla foundation

thunderbird

s/mime

email signature

date mismatch

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.6%

The Mozilla Foundation Security Advisory: The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time.

References

bugzilla.redhat.com/show_bug.cgi?id=2255378

nvd.nist.gov/vuln/detail/CVE-2023-50761

www.cve.org/CVERecord?id=CVE-2023-50761

www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50761

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.6%

Related for RH:CVE-2023-50761

prion1 cve1 nvd1 debiancve1 alpinelinux1 ubuntucve1 cvelist1 veracode1 osv6 nessus28 debian2 openvas9 oraclelinux3 redhat9 amazon1 mozilla1 almalinux2 rocky1 centos1 slackware1 kaspersky1 ubuntu1 mageia1 gentoo1