Mozilla · Thunderbird · CVE-2022-2226
**Name of the Vulnerable Software and Affected Versions**
Thunderbird versions prior to 102
Thunderbird versions prior to 91.11
**Description**
Thunderbird does not check that the date of an OpenPGP digital signature matches the date of the email that carries it. When an email with a digital signature is displayed, the email's date is shown. If the two dates differ, Thunderbird does not report the email as having an invalid signature. A remote attacker could use this to perform a replay attack, resending an old email with old contents at a later time so that the victim believes the statements in the email are current.
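The date comparison described above can be sketched as follows. This is an added example, not Thunderbird's code: it reads the Signature Creation Time subpacket from a binary (dearmored) OpenPGP v4 signature packet and compares it with the message's `Date` header. The function names, the one-hour tolerance and the sample data are assumptions, and the creation time is only meaningful once the signature itself has been verified, which this block does not do.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

MAX_SKEW = timedelta(hours=1)  # assumption: tolerance picked for this example

def signature_body(pkt: bytes) -> bytes:
    """Strip the RFC 4880 packet header from one binary signature packet (tag 2)."""
    tag = pkt[0]
    if tag & 0xC0 == 0x80 and (tag >> 2) & 0x0F == 2 and tag & 3 != 3:  # old format
        n = 1 << (tag & 3)                      # 1, 2 or 4 length octets
        return pkt[1 + n:1 + n + int.from_bytes(pkt[1:1 + n], "big")]
    if tag == 0xC2 and pkt[1] < 192:            # new format, one-octet length
        return pkt[2:2 + pkt[1]]
    if tag == 0xC2 and pkt[1] < 224:            # new format, two-octet length
        return pkt[3:3 + ((pkt[1] - 192) << 8) + pkt[2] + 192]
    raise ValueError("not a definite-length OpenPGP signature packet")

def creation_time(body: bytes) -> datetime:
    """Return the Signature Creation Time (hashed subpacket type 2) of a v4 signature."""
    if body[0] != 4:
        raise ValueError("only version 4 signatures are handled here")
    area, i = body[6:6 + int.from_bytes(body[4:6], "big")], 0
    while i < len(area):
        n = area[i]; i += 1                     # subpacket length, counts the type octet
        if 192 <= n < 255:
            n = ((n - 192) << 8) + area[i] + 192; i += 1
        elif n == 255:
            n = int.from_bytes(area[i:i + 4], "big"); i += 4
        if n == 0 or i + n > len(area):
            raise ValueError("malformed subpacket")
        if area[i] & 0x7F == 2 and n == 5:      # bit 7 of the type is the critical flag
            return datetime.fromtimestamp(int.from_bytes(area[i + 1:i + 5], "big"), timezone.utc)
        i += n
    raise ValueError("no creation time in hashed subpackets")

def dates_disagree(raw_email: str, sig_pkt: bytes) -> bool:
    """True when the Date header and the signature time differ by more than MAX_SKEW."""
    shown = parsedate_to_datetime(message_from_string(raw_email)["Date"])
    if shown.tzinfo is None:                    # "-0000" parses as naive; treat as UTC
        shown = shown.replace(tzinfo=timezone.utc)
    return abs(shown - creation_time(signature_body(sig_pkt))) > MAX_SKEW

# Constructed sample: a v4 signature packet with filler MPI bytes (it does not verify).
SIGNED_AT = int(datetime(2021, 3, 1, 12, 0, tzinfo=timezone.utc).timestamp())
SAMPLE_BODY = bytes([4, 0, 1, 8, 0, 6, 5, 2]) + SIGNED_AT.to_bytes(4, "big") + bytes([0, 0, 0xAB, 0xCD, 0, 8, 0xFF])
SAMPLE_SIG = bytes([0x88, len(SAMPLE_BODY)]) + SAMPLE_BODY
ORIGINAL = "Date: Mon, 01 Mar 2021 12:05:00 +0000\nSubject: constructed\n\nbody\n"
REPLAYED = "Date: Wed, 15 Jun 2022 09:00:00 +0000\nSubject: constructed\n\nbody\n"
```

With the constructed data, `dates_disagree(ORIGINAL, SAMPLE_SIG)` is false and `dates_disagree(REPLAYED, SAMPLE_SIG)` is true, which is the mismatch the description says went unreported.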
**Recommendations**
For Thunderbird versions prior to 102, update to version 102 or later to resolve the issue.
For Thunderbird versions prior to 91.11, update to version 91.11 or later to resolve the issue.