26 matches found
MiracleLinux 9 : thunderbird-102.10.0-2.el9.ML.1 (AXSA:2023-5301:15)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5301:15 advisory. Thunderbird: Revocation status of S/Mime recipient certificates was not checked (CVE-2023-0547) Mozilla: Matrix SDK bundled with Thunderbird vulnerabl...
EUVD-2007-1265
Malware in sbrugna...
EUVD-2010-3614
Malware in sbrugna...
GHSA-9RMP-2568-59RV rPGP Panics on Malformed Untrusted Input
During a security audit, Radically Open Security discovered several reachable edge cases which allow an attacker to trigger rpgp crashes by providing crafted data. Impact When processing malformed input, rpgp can run into Rust panics which halt the program. This can happen in the following...
Debian dsa-5814 : thunderbird - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5814 advisory. Debian Security Advisory DSA-5814-1 [email protected] https://www.debian.org/security/ Moritz...
SUSE CVE-2024-11159
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird 128.4.3 and Thunderbird 132.0.1...
Mozilla Thunderbird < 128.4.3
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 128.4.3. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-61 advisory. Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. (CVE-2024-11159) Note...
Mozilla Thunderbird < 128.4.3
The version of Thunderbird installed on the remote Windows host is prior to 128.4.3. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-61 advisory. Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. (CVE-2024-11159) Note that Ness...
SUSE-SU-2023:2064-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 102.10.1 (MFSA 2023-15) (bsc1210212). Security fixes: CVE-2023-29531: Out-of-bound memory access in WebGL on macOS (bmo1794292); CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass (bmo1806394)...
Mageia: Security Advisory (MGASA-2023-0147)
The remote host is missing an update for the...
Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2023-102-01)
The version of mozilla-thunderbird installed on the remote host is prior to 102.10.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-102-01 advisory. - OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and...
Mozilla Thunderbird Security Advisory (MFSA2023-15) - Mac OS X
Thunderbird is prone to a security bypass vulnerability. CPE = "cpe:/a:mozilla:thunderbird";...
SUSE CVE-2007-1263
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection...
SUSE CVE-2007-1268
Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without...
SUSE CVE-2007-1267
Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message...
Ubuntu 14.04 LTS : GnuPG vulnerability (USN-2258-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2258-1 advisory. Jean-René Reinhard, Olivier Levillain and Florian Maury discovered that GnuPG incorrectly handled certain OpenPGP messages. If a user or automated system were...
Mandriva Linux Security Advisory : gnupg (MDVSA-2013:247)
Multiple vulnerabilities have been discovered and corrected in gnupg: GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection...
MGASA-2013-0303 Updated gnupg packages fix CVE-2013-4402
Updated gnupg package fixes security vulnerability: Specially crafted input data may be used to cause a denial of service against GPG. GPG can be forced to recursively parse certain parts of OpenPGP messages ad infinitum (CVE-2013-4402)...
MGASA-2013-0299 Updated gnupg2 packages fix multiple vulnerabilities
Updated gnupg2 package fixes security vulnerabilities: RFC 4880 permits OpenPGP keyholders to mark their primary keys and subkeys with a "key flags" packet that indicates the capabilities of the key. These are represented as a set of binary flags, including things like "This key may be used to...
gnupg/gpgme signed message spoofing
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection...