Mozilla Thunderbird < 68.1.1
Medium Nessus Plugin ID 129389
SynopsisA mail client installed on the remote macOS or Mac OS X host is affected by a vulnerability.
DescriptionThe version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 68.1.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2019-32 advisory.
- A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted message. Previous versions had only suppressed showing a digital signature for messages with an outer multipart/signed layer.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Mozilla Thunderbird version 68.1.1 or later.