18 matches found
EUVD-2025-199640
CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing requires 3 preprocessing rounds, identifiable abort, and a key refresh protocol. In versions 0.6.3 and prior of cggmp21 and version 0.7.0-alpha.1 of cggmp24, presignatures can be used in the way that significantly reduces...
EUVD-2025-199643
CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing requires 3 preprocessing rounds, identifiable abort, and a key refresh protocol. Prior to version 0.6.3, there is a missing check in the ZK proof that enables an attack in which single malicious signer can reconstruct full...
GHSA-7MX2-7Q8P-PGMW Symfony may allow a user to switch to using another user's identity
Symfony 2.0.6 has just been released. It addresses a security vulnerability in the EntityUserProvider as provided in the Doctrine bridge. If you let your users update their login/username from a form, and if you are using Doctrine as a user provider, then you are vulnerable and you should upgrade...
Mageia: Security Advisory (MGASA-2021-0189)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security fix for the ALT Linux 10 package thunderbird version 78.10.0-alt1
April 26, 2021 Andrey Cherepanov 78.10.0-alt1 - New version 78.10.0. - Security fixes: + CVE-2021-23994 Out of bound write due to lazy initialization + CVE-2021-23995 Use-after-free in Responsive Design Mode + CVE-2021-23998 Secure Lock icon could have been spoofed + CVE-2021-23961 More internal...
CentOS 7 : thunderbird (RHSA-2021:1192)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1192 advisory. - If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has...
Security update for MozillaThunderbird (important)
openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2021:0580-1 Rating: important References: 1177542 1183942 1184536 Cross-References: CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 CVE-2021-23991 CVE-2021-23992 CVE-2021-23993 CVSS scores:...
MGASA-2021-0189 Updated thunderbird packages fix security vulnerabilities
An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key CVE-2021-23991. A crafted OpenPGP key with an invalid user ID could be used to confuse the user CVE-2021-23992. Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key CVE-2021-23993...
CentOS 8 : thunderbird (CESA-2021:1193)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:1193 advisory. - Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key CVE-2021-23991 - Mozilla: A crafted OpenPGP key wi...
RHEL 8 : thunderbird (RHSA-2021:1201)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1201 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.9.1. Security Fixes: Mozilla: ...
Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key
If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might...
Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key
If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might...
Moderate: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key
If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might...
Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key
If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might...
RHEL 8 : thunderbird (RHSA-2021:1190)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1190 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.9.1. Security Fixes: Mozilla: ...
SUSE-SU-2021:1167-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird was updated to version 78.9.1 MFSA 2021-12,MFSA 2021-13, bsc1183942, bsc1184536 CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read CVE-2021-23982: Internal network host...
OPENSUSE-SU-2018:1330-1 Security update for enigmail
This update for enigmail to version 2.0.4 fixes multiple issues. Security issues fixed: - CVE-2017-17688: CFB gadget attacks allowed to exfiltrate plaintext out of encrypted emails. enigmail now fails on GnuPG integrity check warnings for old Algorithms bsc1093151 - CVE-2017-17689: CBC gadget...