CVE-2023-50761

Published: Dec 19, 2023

Modified: Feb 13, 2025

PUBLISHED

Description

The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird < 115.6.

Vendor	Product	Versions
Mozilla	Thunderbird	affected `unspecified - < 115.6`

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1865647

https://www.mozilla.org/security/advisories/mfsa2023-55/

https://www.debian.org/security/2023/dsa-5582

https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-50761

Description

Affected Products

References