CVE-2023-3417

CVSS v3.1 7.5 (High)

EPSS 0.10 % (41^th)

Affected Products 2

Advisories 18

Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1 and Thunderbird < 102.13.1.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2023-07-24 11:15:09
(14 months ago)
Updated Date: 2023-08-01 17:53:51
(13 months ago)

Affected Products

Debian

Debian Linux

Mozilla

Thunderbird

Configuration #1

		CPE23	From	Up To
	Mozilla Thunderbird prior 102.13.1 version	cpe:2.3:a:mozilla:thunderbird		< 102.13.1
	Mozilla Thunderbird from 115.0 version and prior 115.0.1 version	cpe:2.3:a:mozilla:thunderbird	>= 115.0	< 115.0.1

Configuration #2

		CPE23	From	Up To
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0
	Debian Linux 11.0	cpe:2.3:o:debian:debian_linux:11.0
	Debian Linux 12.0	cpe:2.3:o:debian:debian_linux:12.0