N/A

A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted message. Previous versions had only suppressed showing a digital signature for messages with an outer multipart/signed layer. This vulnerability affects Thunderbird < 68.1.1.

N/A

N/A

Mozilla Thunderbird 输入验证错误漏洞

Mozilla Thunderbird是美国Mozilla基金会的一套从Mozilla Application Suite独立出来的电子邮件客户端软件。该软件支持IMAP、POP邮件协议以及HTML邮件格式。 Mozilla Thunderbird 68.1.1之前版本中存在输入验证错误漏洞。攻击者可借助特制的S/MIME消息利用该漏洞实施欺骗攻击。

N/A

N/A