Mozilla Foundation Security Advisory 2019-17

Security vulnerabilities fixed in Thunderbird 60.7.1

Announced
June 13, 2019
Impact
high
Products
Thunderbird
Fixed in
  • Thunderbird 60.7.1

#CVE-2019-11703: Heap buffer overflow in icalparser.c

Reporter
Luis Merino of X41 D-Sec
Impact
high
Description

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash.

References

#CVE-2019-11704: Heap buffer overflow in icalvalue.c

Reporter
Luis Merino of X41 D-Sec
Impact
high
Description

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash.

References

#CVE-2019-11705: Stack buffer overflow in icalrecur.c

Reporter
Luis Merino of X41 D-Sec
Impact
high
Description

A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash.

References

#CVE-2019-11706: Type confusion in icalproperty.c

Reporter
Luis Merino of X41 D-Sec
Impact
low
Description

A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash.

References