CVE-2023-0616

If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8.
References
Link Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1806507 Issue Tracking Permissions Required Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2023-07/ Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1806507 Issue Tracking Permissions Required Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2023-07/ Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:37

Type Values Removed Values Added
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1806507 - Issue Tracking, Permissions Required, Vendor Advisory () https://bugzilla.mozilla.org/show_bug.cgi?id=1806507 - Issue Tracking, Permissions Required, Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2023-07/ - Vendor Advisory () https://www.mozilla.org/security/advisories/mfsa2023-07/ - Vendor Advisory

08 Jun 2023, 19:35

Type Values Removed Values Added
CPE cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CWE CWE-400
References (MISC) https://www.mozilla.org/security/advisories/mfsa2023-07/ - (MISC) https://www.mozilla.org/security/advisories/mfsa2023-07/ - Vendor Advisory
References (MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1806507 - (MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1806507 - Issue Tracking, Permissions Required, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5

02 Jun 2023, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-02 17:15

Updated : 2024-11-21 07:37


NVD link : CVE-2023-0616

Mitre link : CVE-2023-0616

CVE.ORG link : CVE-2023-0616


JSON object : View

Products Affected

mozilla

  • thunderbird
CWE
CWE-400

Uncontrolled Resource Consumption