CVE-2019-11706

MEDIUM

Description

A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1555646

https://security.gentoo.org/glsa/201908-20

https://www.mozilla.org/security/advisories/mfsa2019-17/

Details

Source: MITRE

Published: 2019-07-23

Updated: 2020-08-24

Type: CWE-843

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (26 total)

ID	Name	Product	Family	Severity
134410	NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0022)	Nessus	NewStart CGSL Local Security Checks	critical
128698	NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0178)	Nessus	NewStart CGSL Local Security Checks	critical
127969	GLSA-201908-20 : Mozilla Thunderbird: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
127595	Oracle Linux 8 : thunderbird (ELSA-2019-1623)	Nessus	Oracle Linux Local Security Checks	critical
127447	NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0163)	Nessus	NewStart CGSL Local Security Checks	critical
127441	NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0160)	Nessus	NewStart CGSL Local Security Checks	critical
126962	Amazon Linux 2 : thunderbird (ALAS-2019-1250)	Nessus	Amazon Linux Local Security Checks	critical
126435	Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20190627)	Nessus	Scientific Linux Local Security Checks	critical
126389	CentOS 7 : thunderbird (CESA-2019:1626)	Nessus	CentOS Local Security Checks	critical
126388	CentOS 6 : thunderbird (CESA-2019:1624)	Nessus	CentOS Local Security Checks	critical
126366	Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20190627)	Nessus	Scientific Linux Local Security Checks	critical
126321	RHEL 7 : thunderbird (RHSA-2019:1626)	Nessus	Red Hat Local Security Checks	critical
126320	RHEL 6 : thunderbird (RHSA-2019:1624)	Nessus	Red Hat Local Security Checks	critical
126319	RHEL 8 : thunderbird (RHSA-2019:1623)	Nessus	Red Hat Local Security Checks	critical
126318	Oracle Linux 7 : thunderbird (ELSA-2019-1626)	Nessus	Oracle Linux Local Security Checks	critical
126317	Oracle Linux 6 : thunderbird (ELSA-2019-1624)	Nessus	Oracle Linux Local Security Checks	critical
126231	openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1606)	Nessus	SuSE Local Security Checks	critical
126139	FreeBSD : Mozilla -- multiple vulnerabilities (98f1241f-8c09-4237-ad0d-67fb4158ea7a)	Nessus	FreeBSD Local Security Checks	high
126099	Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Thunderbird vulnerabilities (USN-4028-1)	Nessus	Ubuntu Local Security Checks	high
126043	openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1583)	Nessus	SuSE Local Security Checks	high
126038	openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1577)	Nessus	SuSE Local Security Checks	high
125956	Debian DLA-1820-1 : thunderbird security update	Nessus	Debian Local Security Checks	high
125950	Mozilla Thunderbird < 60.7.1	Nessus	Windows	high
125949	Mozilla Thunderbird < 60.7.1	Nessus	MacOS X Local Security Checks	high
125930	Debian DSA-4464-1 : thunderbird - security update	Nessus	Debian Local Security Checks	high
125917	Slackware 14.2 / current : mozilla-thunderbird (SSA:2019-164-01)	Nessus	Slackware Local Security Checks	high