CVE-2023-0547

Summary

OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbirdunspecified < 102.10affected

Weaknesses

  • Revocation status of S/Mime recipient certificates was not checked

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References