Mozilla Released Security Updates for critical vulnerabilities that affected Thunderbird Mail client. The update fixes three high-level vulnerabilities and one low-level of vulnerability.
Mozilla Thunderbird is a free and open-source cross-platform email client, RSS and chats client developed by the Mozilla Foundation and it is installed by default on Ubuntu desktop systems. It is one of the most used email clients on all operating systems.
The vulnerability resides in the implementation of iCal that causes a overflows in processing certain email messages resulting in a potentially exploitable crash. Following are the vulnerabilities.
CVE-2019-11703: Heap buffer overflow in icalparser.c
A flaw in Thunderbird’s implementation of iCal causes a heap buffer overflow in parser_get_next_char
when processing certain email messages, resulting in a potentially exploitable crash.
CVE-2019-11704: Heap buffer overflow in icalvalue.c
A flaw in Thunderbird’s implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote
when processing certain email messages, resulting in a potentially exploitable crash.
CVE-2019-11705: Stack buffer overflow in icalrecur.c
A flaw in Thunderbird’s implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules
when processing certain email messages, resulting in a potentially exploitable crash.
CVE-2019-11706: Type confusion in icalproperty.c
A flaw in Thunderbird’s implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties
when processing certain email messages, resulting in a crash.
Also, the Thunderbird 60.7.1 comes with a fix for a bug removing the prompt for smartcard PIN when S/MIME signing was used.
Mozilla Releases Critical Security Update
Mozilla Released Security Updates for Thunderbird & Fixed Critical Security Flaws
Secure Ideas, a premier provider of penetration testing and security consulting services, proudly announces its…
Symantec has recently identified a sophisticated phishing campaign targeting users of Monex Securities (マネックス証券), a…
In a concerning development, CERT-UA, Ukraine's Computer Emergency Response Team, has reported a series of…
Hunters International, a ransomware group suspected to be a rebrand of the infamous Hive ransomware,…
In a recent cyberattack attributed to the Qilin ransomware group, threat actors successfully compromised a…
A newly uncovered cyber-espionage campaign, dubbed Operation HollowQuill, has been identified as targeting academic, governmental,…