Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2023-0616

Published: 20 February 2023

If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8.

Priority

Medium

Status

Package Release Status
thunderbird
Launchpad, Ubuntu, Debian
bionic
Released (1:102.8.0+build2-0ubuntu0.18.04.1)
focal
Released (1:102.8.0+build2-0ubuntu0.20.04.1)
jammy
Released (1:102.8.0+build2-0ubuntu0.22.04.1)
kinetic
Released (1:102.8.0+build2-0ubuntu0.22.10.1)
lunar Needs triage

trusty Ignored
(out of standard support)
upstream
Released (1:102.8.0-1)
xenial Ignored
(out of standard support)