March 9, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Update – A Crypto Hardware Wallet LEDGER Supply Chain Attack Caused a $600K Theft
December 20, 2023Rewterz Threat Advisory – Multiple Mozilla Thunderbird Vulnerabilities
December 20, 2023Rewterz Threat Update – A Crypto Hardware Wallet LEDGER Supply Chain Attack Caused a $600K Theft
December 20, 2023Rewterz Threat Advisory – Multiple Mozilla Thunderbird Vulnerabilities
December 20, 2023
Severity
Medium
Analysis Summary
CVE-2023-50761 CVSS:6.5
Mozilla Thunderbird could allow a remote attacker to bypass security restrictions, caused by the acceptance of S/MIME signatures despite mismatching message date. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to give recipients the impression that a message was sent at a different date or time.
CVE-2023-50762 CVSS:6.5
Mozilla Thunderbird could allow a remote attacker to conduct spoofing attacks, caused by the showing of truncated signed text with a valid OpenPGP signature. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof an email message.
Impact
- Security Bypass
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-50761
- CVE-2023-50762
Affected Vendors
Mozilla
Affected Products
- Mozilla Thunderbird 115.5
Remediation
Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.