The signature of a digitally signed S/MIME email message...
Moderate severity
Unreviewed
Published
Dec 19, 2023
to the GitHub Advisory Database
•
Updated Dec 29, 2023
Description
Published by the National Vulnerability Database
Dec 19, 2023
Published to the GitHub Advisory Database
Dec 19, 2023
Last updated
Dec 29, 2023
The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird < 115.6.
References