#CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver Reporter DoHyun Lee Impact high Description This could be used to give recipients the impression that a message was sent at a different date or time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. #CVE-2023-50761: S/MIME signature accepted despite mismatching message date Reporter Marcus Brinkmann Impact high Description A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. ![]() This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. ![]() #CVE-2023-50762: Truncated signed text was shown with a valid OpenPGP signature Reporter Marcus Brinkmann Impact high Description Mozilla Foundation Security Advisory 2023-55 Security Vulnerabilities fixed in Thunderbird 115.6 Announced DecemImpact high Products Thunderbird Fixed in
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |