An email with a mismatching OpenPGP signature date was accepted as valid - CVE-2022-2226ID: oval:org.secpod.oval:def:81764 | Date: (C)2022-06-29 (M)2023-11-19 |
Class: VULNERABILITY | Family: windows |
Mozilla Thunderbird 91.11, Mozilla Thunderbird 102: An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an attacker performed a replay attack, in which an old email with old contents are resent at a later time, it could lead the victim to believe that the statements in the email are current.
Platform: |
Microsoft Windows 11 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2022 |
Microsoft Windows 8 |
Microsoft Windows XP |
Microsoft Windows Server 2008 |
Microsoft Windows Vista |
Microsoft Windows 7 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows 10 |
Product: |
Mozilla Thunderbird |