FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Mozilla -- multiple vulnerabilities

Affected packages
thunderbird < 60.7.1

Details

VuXML ID 98f1241f-8c09-4237-ad0d-67fb4158ea7a
Discovery 2019-06-13
Entry 2019-06-21

Mozilla Foundation reports:

CVE-2019-11703: Heap buffer overflow in icalparser.c

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash.

CVE-2019-11704: Heap buffer overflow in icalvalue.c

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash.

CVE-2019-11705: Stack buffer overflow in icalrecur.c

A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash.

CVE-2019-11706: Type confusion in icalproperty.c

A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash.

References

CVE Name CVE-2019-11703
CVE Name CVE-2019-11704
CVE Name CVE-2019-11705
CVE Name CVE-2019-11706
URL https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/