Home

CVE-2021-23992

Description

Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbird user may falsely conclude that the false user ID belongs to the correspondent. This vulnerability affects Thunderbird < 78.9.1.

Risk Information

Base Score
4.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.087

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2021-23991,CVE-2021-23992 are affected in Mozilla Thunderbird for Mac 78.4.2Mac
(RHSA-2021:1192) thunderbird security update thunderbird-78.9.1-1.el7_9.x86_64.rpmLinux
(RHSA-2021:1193) thunderbird security update thunderbird-78.9.1-1.el8_3.x86_64.rpmLinux
(RHSA-2021:1193) thunderbird security update thunderbird-debugsource-78.9.1-1.el8_3.x86_64.rpmLinux
thunderbird security update(DSA-4897-1) thunderbird_78.10.0-1~deb10u1_i386.debLinux
thunderbird security update(DSA-4897-1) thunderbird_78.10.0-1~deb10u1_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-4995-1) thunderbird_78.11.0+build1-0ubuntu0.20.04.2_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-4995-1) thunderbird_78.11.0+build1-0ubuntu0.20.10.2_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-4995-1) thunderbird_78.11.0+build1-0ubuntu0.21.04.2_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-4995-2) thunderbird_78.11.0+build1-0ubuntu0.18.04.2_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-4995-2) thunderbird_78.11.0+build1-0ubuntu0.18.04.2_amd64.debLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-611807Mozilla Thunderbird For Mac (142.0)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234