#VU84576 Spoofing attack in Mozilla Thunderbird - CVE-2023-50762


Vulnerability identifier: #VU84576

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-50762

CWE-ID: CWE-451

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Mozilla Thunderbird
Client/Desktop applications / Messaging software

Vendor: Mozilla

Description

The vulnerability allows a remote attacker to spoof email content.

The vulnerability exists due to incorrect processing of user-supplied data. When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Mozilla Thunderbird: 102.0 - 102.15.1, 115.0 - 115.5.2

External links
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Anolis OS update for thunderbird
Gentoo update for Mozilla Thunderbird
CentOS 7 update for thunderbird
SUSE update for MozillaThunderbird
Anolis OS update for thunderbird
Red Hat Enterprise Linux 8 update for thunderbird
Red Hat Enterprise Linux 9.2 Extended Update Support update for thunderbird
Red Hat Enterprise Linux 7 update for thunderbird
Red Hat Enterprise Linux 9.0 Extended Update Support update for thunderbird
Ubuntu update for thunderbird