vulnerability

FreeBSD: VID-98F1241F-8C09-4237-AD0D-67FB4158EA7A (CVE-2019-11704): Mozilla -- multiple vulnerabilities

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: Jun 13, 2019
Added: Jun 21, 2019
Modified: Aug 16, 2019

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.


From VID-98F1241F-8C09-4237-AD0D-67FB4158EA7A:

Mozilla Foundation reports:

CVE-2019-11703: Heap buffer overflow in icalparser.c

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash.

CVE-2019-11704: Heap buffer overflow in icalvalue.c

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash.

CVE-2019-11705: Stack buffer overflow in icalrecur.c

A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash.

CVE-2019-11706: Type confusion in icalproperty.c

A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash.




Solution

freebsd-upgrade-package-thunderbird