The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted message. Previous versions had only suppressed showing a digital signature for messages with an outer multipart/signed layer. This vulnerability affects Thunderbird < 68.1.1.
Base Score: 5
Impact Score: 2.9
Exploitability Score: 10
Base Score: 7.5
Impact Score: 3.6
Exploitability Score: 3.9
|135896||Ubuntu 16.04 LTS : Thunderbird vulnerabilities (USN-4335-1)||Nessus||Ubuntu Local Security Checks|
|132011||Ubuntu 18.04 LTS / 19.10 : Thunderbird regression (USN-4202-2)||Nessus||Ubuntu Local Security Checks|
|131139||Debian DSA-4571-1 : thunderbird - security update||Nessus||Debian Local Security Checks|
|131136||Debian DLA-1997-1 : thunderbird security update||Nessus||Debian Local Security Checks|
|129663||openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2249)||Nessus||SuSE Local Security Checks|
|129662||openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2248)||Nessus||SuSE Local Security Checks|
|129390||Mozilla Thunderbird < 68.1.1||Nessus||Windows|
|129389||Mozilla Thunderbird < 68.1.1||Nessus||MacOS X Local Security Checks|