{"api_version":"1","generated_at":"2026-04-23T06:20:11+00:00","cve":"CVE-2023-0616","urls":{"html":"https://cve.report/CVE-2023-0616","api":"https://cve.report/api/cve/CVE-2023-0616.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-0616","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-0616"},"summary":{"title":"CVE-2023-0616","description":"If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8.","state":"PUBLIC","assigner":"security@mozilla.org","published_at":"2023-06-02 17:15:00","updated_at":"2023-06-08 19:35:00"},"problem_types":["CWE-400"],"metrics":[],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1806507","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1806507","refsource":"MISC","tags":[],"title":"Access Denied","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.mozilla.org/security/advisories/mfsa2023-07/","name":"https://www.mozilla.org/security/advisories/mfsa2023-07/","refsource":"MISC","tags":[],"title":"Security Vulnerabilities fixed in Thunderbird 102.8 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-0616","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0616","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"616","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"thunderbird","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-0616","qid":"160464","title":"Oracle Enterprise Linux Security Update for thunderbird (ELSA-2023-0821)"},{"cve":"CVE-2023-0616","qid":"160466","title":"Oracle Enterprise Linux Security Update for thunderbird (ELSA-2023-0817)"},{"cve":"CVE-2023-0616","qid":"160467","title":"Oracle Enterprise Linux Security Update for thunderbird (ELSA-2023-0824)"},{"cve":"CVE-2023-0616","qid":"181592","title":"Debian Security Update for thunderbird (DLA 3324-1)"},{"cve":"CVE-2023-0616","qid":"181680","title":"Debian Security Update for thunderbird (DSA 5355-1)"},{"cve":"CVE-2023-0616","qid":"183060","title":"Debian Security Update for thunderbird (CVE-2023-0616)"},{"cve":"CVE-2023-0616","qid":"199234","title":"Ubuntu Security Notification for Thunderbird Vulnerabilities (USN-5943-1)"},{"cve":"CVE-2023-0616","qid":"241194","title":"Red Hat Update for thunderbird (RHSA-2023:0821)"},{"cve":"CVE-2023-0616","qid":"241195","title":"Red Hat Update for thunderbird (RHSA-2023:0820)"},{"cve":"CVE-2023-0616","qid":"241197","title":"Red Hat Update for thunderbird (RHSA-2023:0822)"},{"cve":"CVE-2023-0616","qid":"241198","title":"Red Hat Update for thunderbird (RHSA-2023:0817)"},{"cve":"CVE-2023-0616","qid":"241199","title":"Red Hat Update for thunderbird (RHSA-2023:0824)"},{"cve":"CVE-2023-0616","qid":"241200","title":"Red Hat Update for thunderbird (RHSA-2023:0823)"},{"cve":"CVE-2023-0616","qid":"241618","title":"Red Hat Update for thunderbird (RHSA-2023:0819)"},{"cve":"CVE-2023-0616","qid":"241677","title":"Red Hat Update for thunderbird (RHSA-2023:0818)"},{"cve":"CVE-2023-0616","qid":"257223","title":"CentOS Security Update for thunderbird (CESA-2023:0817)"},{"cve":"CVE-2023-0616","qid":"377993","title":"Mozilla Thunderbird Multiple Vulnerabilities (MFSA2023-07)"},{"cve":"CVE-2023-0616","qid":"710735","title":"Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202305-36)"},{"cve":"CVE-2023-0616","qid":"940935","title":"AlmaLinux Security Update for thunderbird (ALSA-2023:0821)"},{"cve":"CVE-2023-0616","qid":"940940","title":"AlmaLinux Security Update for thunderbird (ALSA-2023:0824)"},{"cve":"CVE-2023-0616","qid":"960654","title":"Rocky Linux Security Update for thunderbird (RLSA-2023:0821)"},{"cve":"CVE-2023-0616","qid":"960659","title":"Rocky Linux Security Update for thunderbird (RLSA-2023:0824)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2023-0616","ASSIGNER":"security@mozilla.org","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Mozilla","product":{"product_data":[{"product_name":"Thunderbird","version":{"version_data":[{"version_value":"102.8","version_affected":"<"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"User Interface lockup with messages combining S/MIME and OpenPGP"}]}]},"references":{"reference_data":[{"url":"https://www.mozilla.org/security/advisories/mfsa2023-07/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2023-07/"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1806507","refsource":"MISC","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1806507"}]},"description":{"description_data":[{"lang":"eng","value":"If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8."}]}},"nvd":{"publishedDate":"2023-06-02 17:15:00","lastModifiedDate":"2023-06-08 19:35:00","problem_types":["CWE-400"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"102.8","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}