CVE-2019-11704

critical

Description

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1553814

https://www.mozilla.org/security/advisories/mfsa2019-17/

https://security.gentoo.org/glsa/201908-20

Details

Source: MITRE

Published: 2019-07-23

Updated: 2021-07-21

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 145575 | CentOS 8 : thunderbird (CESA-2019:1623) | Nessus | CentOS Local Security Checks | critical |
| 134410 | NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0022) | Nessus | NewStart CGSL Local Security Checks | critical |
| 128698 | NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0178) | Nessus | NewStart CGSL Local Security Checks | critical |
| 127969 | GLSA-201908-20 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 127595 | Oracle Linux 8 : thunderbird (ELSA-2019-1623) | Nessus | Oracle Linux Local Security Checks | critical |
| 127447 | NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0163) | Nessus | NewStart CGSL Local Security Checks | critical |
| 127441 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0160) | Nessus | NewStart CGSL Local Security Checks | critical |
| 126962 | Amazon Linux 2 : thunderbird (ALAS-2019-1250) | Nessus | Amazon Linux Local Security Checks | critical |
| 126435 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20190627) | Nessus | Scientific Linux Local Security Checks | critical |
| 126389 | CentOS 7 : thunderbird (CESA-2019:1626) | Nessus | CentOS Local Security Checks | critical |
| 126388 | CentOS 6 : thunderbird (CESA-2019:1624) | Nessus | CentOS Local Security Checks | critical |
| 126366 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20190627) | Nessus | Scientific Linux Local Security Checks | critical |
| 126321 | RHEL 7 : thunderbird (RHSA-2019:1626) | Nessus | Red Hat Local Security Checks | critical |
| 126320 | RHEL 6 : thunderbird (RHSA-2019:1624) | Nessus | Red Hat Local Security Checks | critical |
| 126319 | RHEL 8 : thunderbird (RHSA-2019:1623) | Nessus | Red Hat Local Security Checks | critical |
| 126318 | Oracle Linux 7 : thunderbird (ELSA-2019-1626) | Nessus | Oracle Linux Local Security Checks | critical |
| 126317 | Oracle Linux 6 : thunderbird (ELSA-2019-1624) | Nessus | Oracle Linux Local Security Checks | critical |
| 126231 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1606) | Nessus | SuSE Local Security Checks | critical |
| 126139 | FreeBSD : Mozilla -- multiple vulnerabilities (98f1241f-8c09-4237-ad0d-67fb4158ea7a) | Nessus | FreeBSD Local Security Checks | critical |
| 126099 | Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Thunderbird vulnerabilities (USN-4028-1) | Nessus | Ubuntu Local Security Checks | critical |
| 126043 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1583) | Nessus | SuSE Local Security Checks | critical |
| 126038 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1577) | Nessus | SuSE Local Security Checks | critical |
| 125956 | Debian DLA-1820-1 : thunderbird security update | Nessus | Debian Local Security Checks | critical |
| 125950 | Mozilla Thunderbird < 60.7.1 | Nessus | Windows | critical |
| 125949 | Mozilla Thunderbird < 60.7.1 | Nessus | MacOS X Local Security Checks | critical |
| 125930 | Debian DSA-4464-1 : thunderbird - security update | Nessus | Debian Local Security Checks | critical |
| 125917 | Slackware 14.2 / current : mozilla-thunderbird (SSA:2019-164-01) | Nessus | Slackware Local Security Checks | critical |