PT-2023-1561 · Mozilla+8 · Thunderbird+8

Kai Engert

·

Publicado

2023-02-14

·

Atualizado

2025-01-10

·

CVE-2023-0616

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 102.8
Description The issue is related to the processing of OpenPGP and OpenPGP MIME data in a specific way, which could cause Thunderbird's user interface to lock up and no longer respond to user actions. An attacker could send a crafted message to attempt a DoS attack by exploiting this error.
Recommendations For versions prior to 102.8, update to version 102.8 or later to resolve the issue. As a temporary workaround, consider avoiding the use of OpenPGP and OpenPGP MIME data in emails until the update is applied.

Correção

DoS

Allocation of Resources Without Limits

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-770CWE-400CWE-449

Identificadores relacionados

ALSA-2023:0821
ALSA-2023:0824
ALT-PU-2023-1374
ALT-PU-2023-1411
ALT-PU-2023-1765
ALT-PU-2023-4366
BDU:2023-01028
CESA-2023_0817
CESA-2023_0821
CVE-2023-0616
DLA-3324-1
DSA-5355-1
MGASA-2023-0057
OPENSUSE-SU-2024:12713-1
RHSA-2023:0817
RHSA-2023:0818
RHSA-2023:0819
RHSA-2023:0820
RHSA-2023:0821
RHSA-2023:0822
RHSA-2023:0823
RHSA-2023:0824
RHSA-2023_0817
RHSA-2023_0821
RHSA-2023_0824
RLSA-2023:0821
RLSA-2023:0824
SUSE-SU-2023:0599-1
USN-5943-1

Produtos afetados

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Rocky Linux
Thunderbird
Ubuntu