Back to search
CVE-2018-18509
Published: Apr 26, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content. This vulnerability affects Thunderbird < 60.5.1.
| Vendor | Product | Versions |
|---|---|---|
Mozilla | Thunderbird | affected unspecified - < 60.5.1 |
References
openSUSE-SU-2019:1162
vendor-advisory
x_refsource_SUSE
https://www.mozilla.org/security/advisories/mfsa2019-06/
x_refsource_MISC
https://bugzilla.mozilla.org/show_bug.cgi?id=1507218
x_refsource_MISC
[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)
mailing-list
x_refsource_MLIST
20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients
mailing-list
x_refsource_FULLDISC
RHSA-2019:1144
vendor-advisory
x_refsource_REDHAT
https://github.com/RUB-NDS/Johnny-You-Are-Fired
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now