{"id":"CVE-2023-3417","details":"Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in  fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird \u003c 115.0.1 and Thunderbird \u003c 102.13.1.","modified":"2026-04-16T04:33:28.653877282Z","published":"2023-07-24T11:15:09.953Z","related":["ALSA-2023:4497","ALSA-2023:4499","SUSE-SU-2023:3059-1","openSUSE-SU-2024:13072-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00032.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5463"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-27/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-28/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1835582"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"102.13.1"}]},{"events":[{"introduced":"115.0"},{"fixed":"115.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3417.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}