Mozilla Foundation Security Advisory 2023-28

Security Vulnerabilities fixed in Thunderbird 102.13.1

Announced: July 4, 2023
Impact: high
Products: Thunderbird
Fixed in: Thunderbird 102.13.1

CVE-2023-3417: File Extension Spoofing using the Text Direction Override Character

Reporter: 이준성 (Junsung Lee)
Impact: moderate
Description

Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension.
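A gateway-side check for the condition described above, as an added example that is not Mozilla's code or Thunderbird's actual fix: it parses a message, flags attachment filenames that contain bidirectional control characters, and reports the extension left once they are stripped. It goes beyond the single override character named in the advisory by checking the whole family of bidi controls; the function names, that character set, and the sample message are assumptions constructed for illustration.

```python
import os
import unicodedata
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumed check set: explicit bidi embeddings, overrides and isolates plus the
# implicit direction marks. U+202E is the right-to-left override.
BIDI_CONTROLS = frozenset(
    "\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f\u061c"
)

def inspect_filename(name):
    """Return (sanitized_name, real_extension, names_of_controls_found)."""
    found = sorted({unicodedata.name(ch) for ch in name if ch in BIDI_CONTROLS})
    sanitized = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    ext = os.path.splitext(sanitized)[1].lower()
    return sanitized, ext, found

def audit_attachments(raw_message):
    """Parse raw message bytes; report attachments whose names carry bidi controls."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()  # decodes RFC 2231 / RFC 2047 encoded names
        if not name:
            continue
        sanitized, ext, found = inspect_filename(name)
        if found:
            findings.append({"raw": name, "sanitized": sanitized,
                             "extension": ext, "controls": found})
    return findings

def build_sample():
    """Constructed sample: one attachment name hides '.exe' behind U+202E,
    so a bidi-aware renderer shows it ending in 'exe.pdf'; one name is benign."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Q2 figures"
    msg.set_content("See attached.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="report\u202efdp.exe")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="pdf", filename="minutes.pdf")
    return msg.as_bytes()
```
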

References