{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-50762", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2023-12-12T16:29:47.908Z", "datePublished": "2023-12-19T13:38:34.261Z", "dateUpdated": "2023-12-19T13:38:34.261Z"}, "containers": {"cna": {"affected": [{"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "115.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6."}]}], "problemTypes": [{"descriptions": [{"description": "Truncated signed text was shown with a valid OpenPGP signature", "lang": "en", "type": "text"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1862625"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-55/"}, {"url": "https://www.debian.org/security/2023/dsa-5582"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html"}], "credits": [{"lang": "en", "value": "Marcus Brinkmann"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2023-12-19T13:38:34.261Z"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "1856451B-B03F-4BF2-AEFE-BF66D82D9E78", "versionEndExcluding": "115.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6."}, {"lang": "es", "value": "Al procesar un payload PGP/MIME que contiene texto firmado digitalmente, el primer p\u00e1rrafo del texto nunca se mostr\u00f3 al usuario. Esto se debe a que el texto se interpret\u00f3 como un mensaje MIME y el primer p\u00e1rrafo siempre se trat\u00f3 como una secci\u00f3n de encabezado de correo electr\u00f3nico. Un texto firmado digitalmente de un contexto diferente, como un commit GIT firmada, podr\u00eda usarse para falsificar un mensaje de correo electr\u00f3nico. Esta vulnerabilidad afecta a Thunderbird &lt; 115.6."}], "id": "CVE-2023-50762", "lastModified": "2023-12-29T13:15:08.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-19T14:15:07.093", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1862625"}, {"source": "security@mozilla.org", "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5582"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}