Mozilla Foundation Security Advisory 2023-04

Security Vulnerabilities fixed in Thunderbird 102.7.1

Announced

January 23, 2023

Impact

high

Products

Thunderbird

Fixed in

Thunderbird 102.7.1

#CVE-2023-0430: Revocation status of S/Mime signature certificates was not checked

Reporter: Paul Menzel
Impact: high

Description

Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug.

References

Bug 1769000

Firefox for Desktop

Firefox for iOS

Firefox for Android

Firefox Focus

Firefox blog

Mozilla VPN

Mozilla Monitor

Firefox Relay

Pocket

MDN Plus

Fakespot

Thunderbird

About Mozilla

The Mozilla Manifesto

Get Involved

Innovation Projects

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising