Red Hat: CVE-2023-0430: Revocation status of S/Mime signature certificates was not checked (Multiple Advisories)

Red Hat: CVE-2023-0430: Revocation status of S/Mime signature certificates was not checked (Multiple Advisories)

Severity

7

CVSS

(AV:N/AC:M/Au:N/C:N/I:C/A:N)

Published

02/06/2023

Created

02/08/2023

Added

02/08/2023

Modified

01/28/2025

Description

Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird < 102.7.1.

Solution(s)

• redhat-upgrade-thunderbird
• redhat-upgrade-thunderbird-debuginfo
• redhat-upgrade-thunderbird-debugsource

References

• CVE-2023-0430
• RHSA-2023:0600
• RHSA-2023:0603
• RHSA-2023:0605
• RHSA-2023:0606
• RHSA-2023:0607
• RHSA-2023:0608

View more