PT-2023-1266 · Mozilla+9 · Thunderbird+9

Paul Menzel · Published 2023-01-23 · Updated 2025-01-10 · CVE-2023-0430

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Thunderbird versions 68 through 102.7.0

Description

The issue is related to errors in checking the OCSP certificate revocation status of S/MIME signatures. This could allow a remote attacker to carry out a spoofing attack. Mail signed with a revoked certificate would be displayed as having a valid signature.

Recommendations

For Thunderbird versions 68 through 102.7.0, update to version 102.7.1 or later to resolve the issue. As a temporary workaround, consider disabling S/MIME signature verification until a patch is available.

Weakness Enumeration

Improper Certificate Validation
Improper Verification of Cryptographic Signature

Related Identifiers

ALSA-2023:0606
ALSA-2023:0608
ALT-PU-2023-1177
ALT-PU-2023-1193
ALT-PU-2023-1214
ALT-PU-2023-4335
BDU:2023-00529
CESA-2023_0600
CESA-2023_0606
CVE-2023-0430
DLA-3324-1
DSA-5355-1
MGASA-2023-0034
OPENSUSE-SU-2023_0329-1
OPENSUSE-SU-2024:12652-1
RHSA-2023:0600
RHSA-2023:0601
RHSA-2023:0602
RHSA-2023:0603
RHSA-2023:0605
RHSA-2023:0606
RHSA-2023:0607
RHSA-2023:0608
RHSA-2023_0600
RHSA-2023_0606
RHSA-2023_0608
RLSA-2023:0606
RLSA-2023:0608
SUSE-SU-2023:0329-1
USN-5824-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
Rocky Linux
SUSE
Thunderbird
Ubuntu