Search for vulnerabilities
Vulnerability details: VCID-7v91-6qna-aaan
Vulnerability ID VCID-7v91-6qna-aaan
Aliases CVE-2023-50762
Summary When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-347 Improper Verification of Cryptographic Signature
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50762.json
epss 0.00050 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
epss 0.0112 https://api.first.org/data/v1/epss?cve=CVE-2023-50762
cvssv3 4.3 https://nvd.nist.gov/vuln/detail/CVE-2023-50762
cvssv3.1 4.3 https://nvd.nist.gov/vuln/detail/CVE-2023-50762
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-55
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50762.json
https://api.first.org/data/v1/epss?cve=CVE-2023-50762
https://bugzilla.mozilla.org/show_bug.cgi?id=1862625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6859
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6860
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6864
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6873
https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html
https://www.debian.org/security/2023/dsa-5582
https://www.mozilla.org/security/advisories/mfsa2023-55/
2255379 https://bugzilla.redhat.com/show_bug.cgi?id=2255379
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
CVE-2023-50762 https://nvd.nist.gov/vuln/detail/CVE-2023-50762
GLSA-202402-25 https://security.gentoo.org/glsa/202402-25
mfsa2023-55 https://www.mozilla.org/en-US/security/advisories/mfsa2023-55
RHSA-2024:0001 https://access.redhat.com/errata/RHSA-2024:0001
RHSA-2024:0002 https://access.redhat.com/errata/RHSA-2024:0002
RHSA-2024:0003 https://access.redhat.com/errata/RHSA-2024:0003
RHSA-2024:0004 https://access.redhat.com/errata/RHSA-2024:0004
RHSA-2024:0005 https://access.redhat.com/errata/RHSA-2024:0005
RHSA-2024:0027 https://access.redhat.com/errata/RHSA-2024:0027
RHSA-2024:0028 https://access.redhat.com/errata/RHSA-2024:0028
RHSA-2024:0029 https://access.redhat.com/errata/RHSA-2024:0029
RHSA-2024:0030 https://access.redhat.com/errata/RHSA-2024:0030
USN-6563-1 https://usn.ubuntu.com/6563-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50762.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-50762
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-50762
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.20539
EPSS Score 0.00050
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-01-03T17:14:22.307553+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2023-50762 34.0.0rc1