What is the vulnerability ID?

The vulnerability ID is CVE-2023-3417.

What was the impact of CVE-2023-3417?

The impact of CVE-2023-3417 was that Thunderbird allowed the Text Direction Override Unicode Character in filenames, resulting in email attachments being incorrectly shown as document files when they were actually executable files.

Which versions of Thunderbird are affected by CVE-2023-3417?

Thunderbird versions up to 102.13.1 and versions up to 115.0.1 are affected by CVE-2023-3417.

How can I mitigate CVE-2023-3417?

To mitigate CVE-2023-3417, it is recommended to update to newer versions of Thunderbird (102.13.1 or higher) that strip the Text Direction Override Unicode Character from filenames.

Where can I find more information about CVE-2023-3417?

You can find more information about CVE-2023-3417 on the Mozilla security advisories pages: [https://www.mozilla.org/en-US/security/advisories/mfsa2023-28/](https://www.mozilla.org/en-US/security/advisories/mfsa2023-28/) and [https://www.mozilla.org/en-US/security/advisories/mfsa2023-27/](https://www.mozilla.org/en-US/security/advisories/mfsa2023-27/)

Vulnerability/
CVE-2023-3417

high

7.5

CWE

4/7/2023

24/7/2023

25/10/2024

CVE-2023-3417

First published: Tue Jul 04 2023(Updated: )

Last updated 24 July 2024

Credit: security@mozilla.org security@mozilla.org security@mozilla.org

Affected Software	Affected Version	How to fix
Mozilla Thunderbird	<102.13.1
Mozilla Thunderbird	>=115.0<115.0.1
Debian Debian Linux	=10.0
Debian Debian Linux	=11.0
Debian Debian Linux	=12.0
Mozilla Thunderbird	<115.0.1	115.0.1
Mozilla Thunderbird	<102.13.1	102.13.1
redhat/thunderbird	<102.13.1	102.13.1
redhat/thunderbird	<115.0.1	115.0.1
debian/thunderbird		1:115.12.0-1~deb11u1 1:128.4.3esr-1~deb11u1 1:115.16.0esr-1~deb12u1 1:128.4.3esr-1~deb12u1 1:128.4.3esr-1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2023-3417.
What was the impact of CVE-2023-3417?
The impact of CVE-2023-3417 was that Thunderbird allowed the Text Direction Override Unicode Character in filenames, resulting in email attachments being incorrectly shown as document files when they were actually executable files.
Which versions of Thunderbird are affected by CVE-2023-3417?
Thunderbird versions up to 102.13.1 and versions up to 115.0.1 are affected by CVE-2023-3417.
How can I mitigate CVE-2023-3417?
To mitigate CVE-2023-3417, it is recommended to update to newer versions of Thunderbird (102.13.1 or higher) that strip the Text Direction Override Unicode Character from filenames.
Where can I find more information about CVE-2023-3417?
You can find more information about CVE-2023-3417 on the Mozilla security advisories pages: [https://www.mozilla.org/en-US/security/advisories/mfsa2023-28/](https://www.mozilla.org/en-US/security/advisories/mfsa2023-28/) and [https://www.mozilla.org/en-US/security/advisories/mfsa2023-27/](https://www.mozilla.org/en-US/security/advisories/mfsa2023-27/)

collector/nvd-index
collector/mozilla-advisory
agent/type
collector/launchpad-cve
source/Launchpad
agent/first-publish-date
source/Mozilla
agent/software-canonical-lookup
collector/nvd-cve
source/NVD
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-3417
agent/author
agent/severity
agent/weakness
agent/description
agent/references
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-latest
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
vendor/mozilla
canonical/mozilla thunderbird
version/mozilla thunderbird/115.0
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
version/debian debian linux/11.0
version/debian debian linux/12.0
package-manager/redhat
package-manager/debian