CVE-2023-3417 Information

Description

Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1835582 https://www.mozilla.org/security/advisories/mfsa2023-27/