CVE CyberSecurity Database News

CVE-2023-0547 - How a Missed OCSP Check in Thunderbird Let Revoked Certificates Send S/MIME Encrypted Emails

Poster -

---

If you use encrypted email with Thunderbird, you care deeply about security. But what if your recipient's certificate was revoked—a bad sign!—and Thunderbird didn't catch it before sending a confidential message? That's exactly what CVE-2023-0547 revealed: Thunderbird failed to verify the revocation status via OCSP (Online Certificate Status Protocol) when sending S/MIME encrypted emails. This bug left your secrets vulnerable from versions 68 up to 102.9.1.

Let's break down what happened, how it can be exploited, and show you code snippets and references to understand the vulnerability.


## What is S/MIME and OCSP?

- S/MIME encryption lets you send secure emails to someone, locked with their public key certificate.

Each person’s public certificate can be revoked—maybe because it was leaked or compromised.

- OCSP (Online Certificate Status Protocol) is what Thunderbird should use to check if that certificate was revoked before using it.

With CVE-2023-0547, even if the certificate was revoked, Thunderbird didn't check! You could unknowingly send secret info to attackers.

The Vulnerability Breakdown

Thunderbird (versions 68 to 102.9.1) skipped checking revocation status (via OCSP) on recipient S/MIME certificates.

Why Does This Happen?

When you compose and send an encrypted email, Thunderbird grabs the recipient's public certificate, encrypts the message, and sends it out. If you had a revoked certificate (say, attacker previously managed to get a valid one, but it’s now blacklisted), Thunderbird should ask the CA via OCSP, “Hey, is this cert still good?” Due to the bug, it never did—even if you had revocation checking enabled.

What could go wrong?

A malicious user with a revoked certificate could trick you into sending them S/MIME encrypted emails, thefting secrets they shouldn't see.

Where was the Bug?

The bug was present in the message composition process in Thunderbird. Here’s a simplified flow representative of what the code likely did:

// Pseudo-code: how Thunderbird should check OCSP during S/MIME processing

function sendEncryptedMail(recipientCert) {
  if (!isOCSPValid(recipientCert)) {
    throw new Error("Recipient's certificate has been revoked; cannot send encrypted mail.");
  }
  encryptAndSend(recipientCert);
}

But due to CVE-2023-0547, the actual logic missed that isOCSPValid(cert) function

// Vulnerable flow: OCSP not checked!
function sendEncryptedMail(recipientCert) {
  // No OCSP check here
  encryptAndSend(recipientCert);
}

This gap persisted across multiple versions—potentially for years—until fixed in Thunderbird 102.10.

How Would an Attacker Exploit This?

1. Attacker obtains a real certificate for themselves, but for some reason, it gets revoked (maybe they’re compromised, or malicious).

Attacker shares their certificate with you.

3. Without OCSP checking, your Thunderbird continues to accept the revoked certificate and encrypt sensitive emails for the attacker.

Step 2: Unsuspecting user imports attacker’s certificate to their Thunderbird address book.

- Step 3: User composes a sensitive email, picks the attacker as recipient—Thunderbird encrypts with revoked certificate (since it didn’t check revocation).
- Step 4: Attacker receives sensitive info, decrypts it—even though their cert was officially untrusted.

How Was This Discovered and Fixed?

Mozilla’s security team and external researchers spotted the missing OCSP check. The fix ensured Thunderbird checks revocation status of recipient certificates before sending encrypted mail.

Patch details:  
Mozilla Bugzilla - 1802519

Thunderbird version 102.10 fixed the bug. After upgrading, any revoked certificate fails the OCSP check and gets blocked from encrypting new emails.

References

- CVE-2023-0547 at NVD
- Thunderbird 102.10 Release Notes
- Bugzilla - 1802519
- Mozilla Security Blog

Conclusion

CVE-2023-0547 is a reminder that even mature email clients like Thunderbird can slip up. OCSP revocation checking is *critical*—don’t trust encryption unless you’re sure the certificate is still trustworthy! If you still run Thunderbird < 102.10, update now, before your secrets end up in the wrong hands.

Timeline

Published on: 06/02/2023 17:15:00 UTC
Last modified on: 06/09/2023 17:51:00 UTC