14 matches found
RNP 安全漏洞
RNP is a C++ library open-sourced by RNP. A security vulnerability exists in RNP version 0.18.0 that stems from an uninitialized symmetric session key used in PKESK packets, which could lead to a complete breach of confidentiality...
The vulnerability of the Ribose RNP library in the Thunderbird email client allows a hacker to cause a service failure.
The vulnerability of the Ribose RNP library in the Thunderbird email client is related to insufficient validation of input data during the analysis of PKESK/SKESK packets. Exploiting this vulnerability could allow a malicious actor to cause service failures...
Fedora 36 : rnp (2023-609db87741)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-609db87741 advisory. Version 0.16.3 2023-04-11 Security Fixed issue with possible hang on malformed inputs CVE-2023-29479. Fixed issue where in some cases, secret keys...
Denial Of Service (DoS)
thunderbird is vulnerable to Denial of Service DoS. The vulnerability exists due to incorrect parsing of PKESK/SKESK packets due to a bug in the Ribose RNP library causing an application hang resulting in an application crash...
Thunderbird: Hang when processing certain OpenPGP messages
The Mozilla Foundation Security Advisory describes this flaw as: Certain malformed OpenPGP messages could trigger incorrect parsing of PKESK/SKESK packets due to a bug in the Ribose RNP library used by Thunderbird up to version 102.9.1, which would cause the Thunderbird user interface to hang. Th...
Thunderbird: Hang when processing certain OpenPGP messages
The Mozilla Foundation Security Advisory describes this flaw as: Certain malformed OpenPGP messages could trigger incorrect parsing of PKESK/SKESK packets due to a bug in the Ribose RNP library used by Thunderbird up to version 102.9.1, which would cause the Thunderbird user interface to hang. Th...
Thunderbird: Hang when processing certain OpenPGP messages
The Mozilla Foundation Security Advisory describes this flaw as: Certain malformed OpenPGP messages could trigger incorrect parsing of PKESK/SKESK packets due to a bug in the Ribose RNP library used by Thunderbird up to version 102.9.1, which would cause the Thunderbird user interface to hang. Th...
CVE-2023-29479
The Mozilla Foundation Security Advisory describes this flaw as: Certain malformed OpenPGP messages could trigger incorrect parsing of PKESK/SKESK packets due to a bug in the Ribose RNP library used by Thunderbird up to version 102.9.1, which would cause the Thunderbird user interface to hang. Th...
Code injection
An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid...
Oracle Linux 7 : thunderbird (ELSA-2021-1192)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-1192 advisory. 78.9.1-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 78.9.1-1 - Update to 78.9.1 Tenable has extracted...
Oracle Linux 8 : thunderbird (ELSA-2021-1193)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-1193 advisory. 78.9.1-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 78.9.1-1 - Update to 78.9.1 Tenable has extracted...
Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key
An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid...
Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key
An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid...
CVE-2021-23993
An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid...