redhat_7 thunderbird 对危险操作的ui警示不充分

admin

0
文章

0
评论

2023-11-30 07:11:44 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

中危 redhat_7 thunderbird 对危险操作的ui警示不充分

CVE编号

CVE-2022-2226

利用情况

暂无

补丁情况

官方补丁

披露时间

2022-06-28

漏洞描述

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this issue of when an OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, it will show the email's date. If the dates were different, Thunderbird didn't report the email as having an invalid signature. If an attacker performs a replay attack, in which an old email with old contents is present at a later time, it could lead the victim to believe that the statements in the email are current. Fixed versions of Thunderbird will require that the signature's date roughly matches the displayed date of the email.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://bugzilla.mozilla.org/show_bug.cgi?id=1775441
https://www.mozilla.org/security/advisories/mfsa2022-26/

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	mozilla	thunderbird	*		Up to (excluding) 91.11
	运行在以下环境
	应用	mozilla	thunderbird	101.0	-
	运行在以下环境
	系统	alpine_3.16	thunderbird	*		Up to (excluding) 91.11.0-r0
	运行在以下环境
	系统	alpine_3.17	thunderbird	*		Up to (excluding) 102.0-r0
	运行在以下环境
	系统	alpine_3.18	thunderbird	*		Up to (excluding) 102.0-r0
	运行在以下环境
	系统	alpine_edge	thunderbird	*		Up to (excluding) 102.0-r0
	运行在以下环境
	系统	amazon_2	thunderbird	*		Up to (excluding) 91.11.0-2.amzn2.0.1
	运行在以下环境
	系统	anolis_os_7	thunderbird	*		Up to (excluding) 91.11.0-2.0.1
	运行在以下环境
	系统	anolis_os_8	thunderbird	*		Up to (excluding) 91.11.0-2.0.1
	运行在以下环境
	系统	centos_7	thunderbird	*		Up to (excluding) 91.11.0-2.el7.centos
	运行在以下环境
	系统	centos_8	thunderbird	*		Up to (excluding) 91.11.0-2.el8_6
	运行在以下环境
	系统	debian_10	thunderbird	*		Up to (excluding) 1:91.11.0-1~deb10u1
	运行在以下环境
	系统	debian_11	thunderbird	*		Up to (excluding) 1:91.11.0-1~deb11u1
	运行在以下环境
	系统	debian_12	thunderbird	*		Up to (excluding) 1:91.11.0-1
	运行在以下环境
	系统	debian_9	thunderbird	*		Up to (including) 68.10.0-1~deb9u1
	运行在以下环境
	系统	debian_sid	thunderbird	*		Up to (excluding) 1:91.11.0-1
	运行在以下环境
	系统	opensuse_Leap_15.3	MozillaThunderbird	*		Up to (excluding) 102.2.2-150200.8.82.1
	运行在以下环境
	系统	opensuse_Leap_15.4	MozillaThunderbird	*		Up to (excluding) 102.2.2-150200.8.82.1
	运行在以下环境
	系统	oracle_7	oraclelinux-release	*		Up to (excluding) 91.11.0-2.0.1.el7_9
	运行在以下环境
	系统	oracle_8	oraclelinux-release	*		Up to (excluding) 91.11.0-2.0.1.el8_6
	运行在以下环境
	系统	oracle_9	oraclelinux-release	*		Up to (excluding) 91.11.0-2.0.1.el9_0
	运行在以下环境
	系统	redhat_7	thunderbird	*		Up to (excluding) 91.11.0-2.el7_9
	运行在以下环境
	系统	redhat_8	thunderbird	*		Up to (excluding) 91.11.0-2.el8_6
	运行在以下环境
	系统	redhat_9	thunderbird	*		Up to (excluding) 91.11.0-2.el9_0
	运行在以下环境
	系统	ubuntu_18.04	thunderbird	*		Up to (excluding) 1:91.11.0+build2-0ubuntu0.18.04.1
	运行在以下环境
	系统	ubuntu_20.04	thunderbird	*		Up to (excluding) 1:91.11.0+build2-0ubuntu0.20.04.1
	运行在以下环境
	系统	ubuntu_21.10	thunderbird	*		Up to (excluding) 1:91.11.0+build2-0ubuntu0.21.10.1
	运行在以下环境
	系统	ubuntu_22.04	thunderbird	*		Up to (excluding) 1:91.11.0+build2-0ubuntu0.22.04.1