FreeBSD : Mozilla -- multiple vulnerabilities (98f1241f-8c09-4237-ad0d-67fb4158ea7a)

critical Nessus Plugin ID 126139

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Mozilla Foundation reports:

CVE-2019-11703: Heap buffer overflow in icalparser.c

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash.

CVE-2019-11704: Heap buffer overflow in icalvalue.c

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash.

CVE-2019-11705: Stack buffer overflow in icalrecur.c

A flaw in Thunderbird's implementation of iCal causes a stack-based buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash.

CVE-2019-11706: Type confusion in icalproperty.c

A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash.

Solution

Update the affected package.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/

http://www.nessus.org/u?4658ff11

Plugin Details

Severity: Critical

ID: 126139

File Name: freebsd_pkg_98f1241f8c094237ad0d67fb4158ea7a.nasl

Version: 1.4

Type: local

Published: 6/24/2019

Updated: 8/12/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:thunderbird, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/21/2019

Vulnerability Publication Date: 6/13/2019

Reference Information

CVE: CVE-2019-11703, CVE-2019-11704, CVE-2019-11705, CVE-2019-11706