Rewterz Threat Advisory – Multiple Mozilla Thunderbird Vulnerabilities

Rewterz Threat Update – A Crypto Hardware Wallet LEDGER Supply Chain Attack Caused a $600K Theft

December 20, 2023

Rewterz Threat Advisory – Multiple Mozilla Thunderbird Vulnerabilities

December 20, 2023

Rewterz Threat Advisory – Multiple Mozilla Thunderbird Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-50761 CVSS:6.5

Mozilla Thunderbird could allow a remote attacker to bypass security restrictions, caused by the acceptance of S/MIME signatures despite mismatching message date. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to give recipients the impression that a message was sent at a different date or time.

CVE-2023-50762 CVSS:6.5

Mozilla Thunderbird could allow a remote attacker to conduct spoofing attacks, caused by the showing of truncated signed text with a valid OpenPGP signature. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof an email message.

Impact

Security Bypass
Gain Access

Indicators Of Compromise

CVE

CVE-2023-50761
CVE-2023-50762

Affected Vendors

Mozilla

Affected Products

Mozilla Thunderbird 115.5

Remediation

Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.

Mozilla Foundation Security Advisory

Rewterz Threat Update – A Crypto Hardware Wallet LEDGER Supply Chain Attack Caused a $600K Theft

Rewterz Threat Advisory – Multiple Mozilla Thunderbird Vulnerabilities

Rewterz Threat Advisory – Multiple Mozilla Thunderbird Vulnerabilities

Severity

Analysis Summary

Impact

Indicators Of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan