GSD-2023-0616
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-0616",
"id": "GSD-2023-0616",
"references": [
"https://www.debian.org/security/2023/dsa-5355",
"https://advisories.mageia.org/CVE-2023-0616.html",
"https://access.redhat.com/errata/RHSA-2023:0817",
"https://access.redhat.com/errata/RHSA-2023:0818",
"https://access.redhat.com/errata/RHSA-2023:0819",
"https://access.redhat.com/errata/RHSA-2023:0820",
"https://access.redhat.com/errata/RHSA-2023:0821",
"https://access.redhat.com/errata/RHSA-2023:0822",
"https://access.redhat.com/errata/RHSA-2023:0823",
"https://access.redhat.com/errata/RHSA-2023:0824",
"https://www.suse.com/security/cve/CVE-2023-0616.html",
"https://ubuntu.com/security/CVE-2023-0616"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-0616"
],
"details": "If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird\u0027s user interface to lock up and no longer respond to the user\u0027s actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird \u003c 102.8.",
"id": "GSD-2023-0616",
"modified": "2023-12-13T01:20:22.977687Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2023-0616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "102.8"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird\u0027s user interface to lock up and no longer respond to the user\u0027s actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird \u003c 102.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User Interface lockup with messages combining S/MIME and OpenPGP"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2023-07/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-07/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1806507",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1806507"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "102.8",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2023-0616"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird\u0027s user interface to lock up and no longer respond to the user\u0027s actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird \u003c 102.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1806507",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1806507"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2023-07/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-07/"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-06-08T19:35Z",
"publishedDate": "2023-06-02T17:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…