1. Home
  2. Security Advisories
  3. FreeBSD
  4. FREEBSD:98F1241F-8C09-4237-AD0D-67FB4158EA7A

[FREEBSD:98F1241F-8C09-4237-AD0D-67FB4158EA7A] Mozilla -- multiple vulnerabilities

Severity Critical
Affected Packages 1
CVEs 4
Info Packages References Vulnerabilities

Mozilla Foundation reports:

  CVE-2019-11703: Heap buffer overflow in icalparser.c
  A flaw in Thunderbird's implementation of iCal causes a heap
    buffer overflow in parser_get_next_char when processing certain
    email messages, resulting in a potentially exploitable crash.
  CVE-2019-11704: Heap buffer overflow in icalvalue.c
  A flaw in Thunderbird's implementation of iCal causes a heap
    buffer overflow in icalmemory_strdup_and_dequote when processing
    certain email messages, resulting in a potentially exploitable
    crash.
  CVE-2019-11705: Stack buffer overflow in icalrecur.c
  A flaw in Thunderbird's implementation of iCal causes a stack
    buffer overflow in icalrecur_add_bydayrules when processing
    certain email messages, resulting in a potentially exploitable
    crash.
  CVE-2019-11706: Type confusion in icalproperty.c
  A flaw in Thunderbird's implementation of iCal causes a type
    confusion in icaltimezone_get_vtimezone_properties when
    processing certain email messages, resulting in a crash.
Package Affected Version
pkg:freebsd/thunderbird < 60.7.1
ID
FREEBSD:98F1241F-8C09-4237-AD0D-67FB4158EA7A
Severity
critical
Severity from
CVE-2019-11703
URL
http://vuxml.freebsd.org/freebsd/98f1241f-8c09-4237-ad0d-67fb4158ea7a.html
Published
2019-06-13T00:00:00
(5 years ago)
Modified
2019-06-21T00:00:00
(5 years ago)
Rights
FreeBSD VuXML Security Team
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:freebsd/thunderbird thunderbird < 60.7.1
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date