Windows Driver Revocation List Security Feature Bypass Vulnerability

...

SUSE CVE-2023-0547

OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird 102.10...

openssl: X.400 address type confusion in X.509 GeneralName

A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled for example, the application sets the X509VFLAGCRLCHECK flag, this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...

Debian dla-3400 : thunderbird - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3400 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3400-1 [email protected]...

Thunderbird: Revocation status of S/Mime recipient certificates was not checked

The Mozilla Foundation Security Advisory describes this flaw as: OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug...

Thunderbird: Revocation status of S/Mime recipient certificates was not checked

The Mozilla Foundation Security Advisory describes this flaw as: OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug...

Thunderbird: Revocation status of S/Mime recipient certificates was not checked

The Mozilla Foundation Security Advisory describes this flaw as: OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug...

Thunderbird: Revocation status of S/Mime recipient certificates was not checked

The Mozilla Foundation Security Advisory describes this flaw as: OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug...

Thunderbird: Revocation status of S/Mime recipient certificates was not checked

The Mozilla Foundation Security Advisory describes this flaw as: OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug...

Mageia: Security Advisory (MGASA-2023-0147)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Thunderbird Trust Management Issues Vulnerability (CNVD-2023-55352)

Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP, POP mail protocols and HTML mail format. A security vulnerability exists in Mozilla Thunderbird, which can be exploited to conduct...

MGASA-2023-0147 Updated thunderbird packages fix security vulnerability

Fullscreen notification obscured. CVE-2023-29533 Double-free in libwebp. MFSA-TMP-2023-0001 Potential Memory Corruption following Garbage Collector compaction. CVE-2023-29535 Invalid free from JavaScript code. CVE-2023-29536 Revocation status of S/Mime recipient certificates was not checked...

Mozilla Thunderbird 信任管理问题漏洞

Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP, POP mail protocols and HTML mail format. A security vulnerability exists in Mozilla Thunderbird, which can be exploited to conduct...

USN-6015-1 thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2023-102-01)

The version of mozilla-thunderbird installed on the remote host is prior to 102.10.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-102-01 advisory. - OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and...

CVE-2023-0547

OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird 102.10...

PT-2023-2800 · Mozilla +9 · Thunderbird +9

Name of the Vulnerable Software and Affected Versions: Thunderbird versions 68 through 102.9.1 Thunderbird versions prior to 102.10 Description: The issue is related to the implementation of the S/MIME protocol in the Thunderbird email client, specifically with errors in resource release. When...

Security Vulnerabilities fixed in Thunderbird 102.10 — Mozilla

An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash.This bug only affects Thunderbird for macOS. Other operating systems are unaffected. A local attacker can trick the Mozilla Maintenance Service into...

Cloud Foundry UAA代码问题漏洞

Cloud Foundry UAA is a U.S. Cloud Foundry Foundation authentication and managed service endpoint for the CloudFoundry cloud platform. A security vulnerability exists in all supported versions of UAA, which stems from the fact that the system does not revoke IDP tokens even if they are deactivated...

Spring Vault vulnerable to insertion of sensitive information into a log file

In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token...