Thunderbird 安全特性绕过漏洞(CVE-2023-0430)

admin

0
文章

0
评论

2023-11-30 03:56:30 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

中危 Thunderbird 安全特性绕过漏洞(CVE-2023-0430)

CVE编号

CVE-2023-0430

利用情况

暂无

补丁情况

官方补丁

披露时间

2023-01-23

漏洞描述

The Mozilla Foundation Security Advisory describes this flaw as: Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://bugzilla.mozilla.org/show_bug.cgi?id=1769000
https://www.mozilla.org/security/advisories/mfsa2023-04/

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	mozilla	thunderbird	*	From (including) 68.0	Up to (excluding) 102.7.1
	运行在以下环境
	系统	anolis_os_7	thunderbird	*		Up to (excluding) 102.7.1-2.0.1
	运行在以下环境
	系统	anolis_os_8	thunderbird	*		Up to (excluding) 102.7.1-2.0.1
	运行在以下环境
	系统	centos_7	thunderbird	*		Up to (excluding) 102.7.1-2.el7_9
	运行在以下环境
	系统	centos_8	thunderbird-debuginfo	*		Up to (excluding) 102.7.1-2.el8_7
	运行在以下环境
	系统	debian_10	thunderbird	*		Up to (excluding) 1:102.8.0-1~deb10u1
	运行在以下环境
	系统	debian_11	thunderbird	*		Up to (excluding) 1:102.8.0-1~deb11u1
	运行在以下环境
	系统	debian_12	thunderbird	*		Up to (excluding) 1:102.7.1+1-1
	运行在以下环境
	系统	debian_sid	thunderbird	*		Up to (excluding) 1:102.7.1+1-1
	运行在以下环境
	系统	opensuse_Leap_15.4	MozillaThunderbird	*		Up to (excluding) 102.7.1-150200.8.102.1
	运行在以下环境
	系统	oracle_7	oraclelinux-release	*		Up to (excluding) 102.7.1-2.0.1.el7_9
	运行在以下环境
	系统	oracle_8	oraclelinux-release	*		Up to (excluding) 102.7.1-2.0.1.el8_7
	运行在以下环境
	系统	oracle_9	oraclelinux-release	*		Up to (excluding) 102.7.1-2.0.1.el9_1
	运行在以下环境
	系统	redhat_7	thunderbird	*		Up to (excluding) 102.7.1-2.el7_9
	运行在以下环境
	系统	redhat_8	thunderbird-debuginfo	*		Up to (excluding) 102.7.1-2.el8_7
	运行在以下环境
	系统	redhat_9	thunderbird	*		Up to (excluding) 102.7.1-2.el9_1
	运行在以下环境
	系统	unionos_a	thunderbird	*		Up to (excluding) thunderbird-102.7.1-2.uelc20.02