Main Vulnerability Database Vulnerabilities #VU72329

Resource management error in Mozilla Thunderbird - CVE-2023-0616

Published: February 16, 2023

Vulnerability identifier: #VU72329

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-0616

CWE-ID: CWE-399

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Thunderbird

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application. If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/

Resource management error in Mozilla Thunderbird - CVE-2023-0616

Description

Remediation

External links

Please verify you're human