PT-2023-3680 · Mozilla+10 · Thunderbird+10

Junsung Lee

Published

2023-07-20

Updated

2024-06-15

CVE-2023-3417

CVSS v2.0

9.4

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 115.0.1 Thunderbird versions prior to 102.13.1

Description The issue exists due to the incorrect handling of the Unicode character for text direction override in filenames. This could allow a remote attacker to conduct spoofing attacks by making an executable file appear as a document file.

Recommendations For versions prior to 115.0.1, update to version 115.0.1 or later to resolve the issue. For versions prior to 102.13.1, update to version 102.13.1 or later to resolve the issue. As a temporary workaround, consider disabling the handling of the Text Direction Override Unicode Character in filenames until a patch is available.

Exploit

Fix

UI Misrepresentation of Critical Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-451

Related Identifiers

ALSA-2023:4497

ALSA-2023:4499

ALT-PU-2023-5836

ALT-PU-2024-3860

ALT-PU-2024-4748

BDU:2023-03965

CESA-2023_4497

CVE-2023-3417

DLA-3510-1

DSA-5463-1

MGASA-2023-0266

OPENSUSE-SU-2023_3059-1

OPENSUSE-SU-2024:13072-1

RHSA-2023:4492

RHSA-2023:4493

RHSA-2023:4494

RHSA-2023:4495

RHSA-2023:4496

RHSA-2023:4497

RHSA-2023:4499

RHSA-2023:4500

RHSA-2023_4495

RHSA-2023_4497

RHSA-2023_4499

RLSA-2023:4497

RLSA-2023:4499

ROSA-SA-2023-2232

ROSA-SA-2023-2233

SUSE-SU-2023:3059-1

USN-6333-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Thunderbird

Ubuntu

PT-2023-3680 · Mozilla+10 · Thunderbird+10

CVE-2023-3417

Weakness Enumeration

Related Identifiers

Affected Products

References · 117