vulnerability
Oracle Solaris 11: CVE-2021-23992 (11.4 SRU 34.94.4)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Jun 16, 2021 | Jun 16, 2021 | Feb 17, 2022 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Jun 16, 2021
Added
Jun 16, 2021
Modified
Feb 17, 2022
Description
Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbird user may falsely conclude that the false user ID belongs to the correspondent. This vulnerability affects Thunderbird < 78.9.1.
Solutions
oracle-solaris-11-4-upgrade-mail-thunderbird-78-10-0-11-4-34-0-1-94-3oracle-solaris-11-4-upgrade-web-browser-firefox-78-10-0-11-4-34-0-1-94-3oracle-solaris-11-4-upgrade-web-data-firefox-bookmarks-78-10-0-11-4-34-0-1-94-3
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.