CVE-2018-18509

A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content. This vulnerability affects Thunderbird < 60.5.1.
Configurations

Configuration 1

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Information

Published : 2019-04-26 05:29

Updated : 2019-06-03 07:29


NVD link : CVE-2018-18509

Mitre link : CVE-2018-18509

Products Affected
No products.
CWE
CWE-347

Improper Verification of Cryptographic Signature