First published: Tue Jul 04 2023(Updated: )
Last updated 24 July 2024
Credit: security@mozilla.org security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Thunderbird | <102.13.1 | |
Mozilla Thunderbird | >=115.0<115.0.1 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Debian Debian Linux | =12.0 | |
Mozilla Thunderbird | <115.0.1 | 115.0.1 |
Mozilla Thunderbird | <102.13.1 | 102.13.1 |
redhat/thunderbird | <102.13.1 | 102.13.1 |
redhat/thunderbird | <115.0.1 | 115.0.1 |
debian/thunderbird | 1:115.12.0-1~deb11u1 1:128.5.0esr-1~deb11u1 1:115.16.0esr-1~deb12u1 1:128.5.0esr-1~deb12u1 1:128.5.2esr-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-3417.
The impact of CVE-2023-3417 was that Thunderbird allowed the Text Direction Override Unicode Character in filenames, resulting in email attachments being incorrectly shown as document files when they were actually executable files.
Thunderbird versions up to 102.13.1 and versions up to 115.0.1 are affected by CVE-2023-3417.
To mitigate CVE-2023-3417, it is recommended to update to newer versions of Thunderbird (102.13.1 or higher) that strip the Text Direction Override Unicode Character from filenames.
You can find more information about CVE-2023-3417 on the Mozilla security advisories pages: [https://www.mozilla.org/en-US/security/advisories/mfsa2023-28/](https://www.mozilla.org/en-US/security/advisories/mfsa2023-28/) and [https://www.mozilla.org/en-US/security/advisories/mfsa2023-27/](https://www.mozilla.org/en-US/security/advisories/mfsa2023-27/)