Lucene search

K

GoogleOSV:RLSA-2023:0606

HistoryFeb 06, 2023 - 7:21 p.m.

Important: thunderbird security update

2023-02-0619:21:05

Google

osv.dev

2

security update

mail client

newsgroup client

s/mime signature

certificates

cve-2023-0430

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.6%

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.7.1.

Security Fix(es):

Mozilla: Revocation status of S/Mime signature certificates was not checked (CVE-2023-0430)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

bugzilla.redhat.com/show_bug.cgi?id=2166591

errata.rockylinux.org/RLSA-2023:0606

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.6%

Related for OSV:RLSA-2023:0606

cve1 nessus27 redhat8 veracode1 osv6 redhatcve1 oraclelinux3 ubuntucve1 openvas9 nvd1 debiancve1 almalinux2 altlinux1 cvelist1 slackware1 rocky2 centos1 mozilla1 kaspersky1 prion1 mageia1 debian2 amazon1 ubuntu1