CVE Published: 27/09/2019 |
CVE Updated: 04/08/2024 |
CVE Year: 2019 Source: mozilla |
Vendor: Mozilla |
Product: Thunderbird Status : PUBLISHED
CVE-2019-11755 Description
A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted message. Previous versions had only suppressed showing a digital signature for messages with an outer multipart/signed layer. This vulnerability affects Thunderbird < 68.1.1.