CVE-2023-3417

Publication date 24 July 2023

Last updated 24 July 2024


Ubuntu priority

CVSS 3 severity score: 7.5 · High

Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1 and Thunderbird < 102.13.1.
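The fix described above (strip the character, then show the real extension) can also be applied when auditing stored or inbound mail. The following is an added example, not Thunderbird's or Ubuntu's code. It goes beyond the single override character by covering the other Unicode bidirectional controls as well; the extension list, function names and sample message are assumptions constructed for illustration.

```python
import os
import unicodedata
from email.message import EmailMessage

# Bidi formatting characters: embeddings/overrides (U+202A-U+202E),
# isolates (U+2066-U+2069) and the LRM/RLM/ALM marks.
BIDI_CONTROLS = frozenset(
    [chr(c) for c in range(0x202A, 0x202F)]
    + [chr(c) for c in range(0x2066, 0x206A)]
    + ["\u200e", "\u200f", "\u061c"]
)

# Assumption: an illustrative, site-specific list of risky extensions.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".msi"}


def sanitize_filename(name):
    """Return (clean_name, removed_names) with bidi controls stripped."""
    removed = [unicodedata.name(ch, hex(ord(ch))) for ch in name if ch in BIDI_CONTROLS]
    clean = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    return clean, removed


def audit_attachments(msg):
    """Return one finding per attachment whose filename carries bidi controls."""
    findings = []
    for part in msg.iter_attachments():
        raw = part.get_filename() or ""
        clean, removed = sanitize_filename(raw)
        if removed:
            ext = os.path.splitext(clean)[1].lower()
            findings.append({
                "clean_name": clean,
                "true_extension": ext,   # extension once the controls are gone
                "removed": removed,
                "executable": ext in EXECUTABLE_EXTS,
            })
    return findings


def build_sample():
    """Constructed test message: one plain filename, one with U+202E."""
    msg = EmailMessage()
    msg.set_content("constructed sample body")
    for name in ("report.pdf", "invoice\u202efdp.exe"):
        msg.add_attachment(b"x", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg
```

`audit_attachments(build_sample())` reports only the second attachment, with the cleaned name `invoicefdp.exe` and true extension `.exe`.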

Status

Package      Ubuntu Release    Status
thunderbird  24.04 LTS noble   Fixed 1:102.13.0+build1-0ubuntu1
thunderbird  23.10 mantic      Fixed 1:102.13.0+build1-0ubuntu1
thunderbird  23.04 lunar       Fixed 1:102.15.0+build1-0ubuntu0.23.04.1
thunderbird  22.04 LTS jammy   Fixed 1:102.15.0+build1-0ubuntu0.22.04.1
thunderbird  20.04 LTS focal   Fixed 1:102.15.0+build1-0ubuntu0.20.04.1
thunderbird  18.04 LTS bionic  Ignored (end of standard support)
thunderbird  16.04 LTS xenial  Ignored (end of standard support)
thunderbird  14.04 LTS trusty  Ignored (end of standard support)

Severity score breakdown

Parameter Value
Base score 7.5 · High
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact High
Availability impact None
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N