Mozilla Released Security Updates for critical vulnerabilities that affected Thunderbird Mail client. The update fixes three high-level vulnerabilities and one low-level of vulnerability.
Mozilla Thunderbird is a free and open-source cross-platform email client, RSS and chats client developed by the Mozilla Foundation and it is installed by default on Ubuntu desktop systems. It is one of the most used email clients on all operating systems.
The vulnerability resides in the implementation of iCal that causes a overflows in processing certain email messages resulting in a potentially exploitable crash. Following are the vulnerabilities.
CVE-2019-11703: Heap buffer overflow in icalparser.c
A flaw in Thunderbird’s implementation of iCal causes a heap buffer overflow in parser_get_next_char
when processing certain email messages, resulting in a potentially exploitable crash.
CVE-2019-11704: Heap buffer overflow in icalvalue.c
A flaw in Thunderbird’s implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote
when processing certain email messages, resulting in a potentially exploitable crash.
CVE-2019-11705: Stack buffer overflow in icalrecur.c
A flaw in Thunderbird’s implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules
when processing certain email messages, resulting in a potentially exploitable crash.
CVE-2019-11706: Type confusion in icalproperty.c
A flaw in Thunderbird’s implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties
when processing certain email messages, resulting in a crash.
Also, the Thunderbird 60.7.1 comes with a fix for a bug removing the prompt for smartcard PIN when S/MIME signing was used.
Mozilla Releases Critical Security Update
Mozilla Released Security Updates for Thunderbird & Fixed Critical Security Flaws
Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti Connect…
A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how…
EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational…
A sophisticated phishing campaign, dubbed "PoisonSeed," has been identified targeting customer relationship management (CRM) and…
A surge in phishing text messages claiming unpaid tolls has been linked to a massive…
The State Bar of Texas has confirmed a data breach following the detection of unauthorized…