Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2019-32

Security vulnerabilities fixed in - Thunderbird 68.1.1

Announced
September 25, 2019
Impact
moderate
Products
Thunderbird
Fixed in
  • Thunderbird 68.1.1

#CVE-2019-11755: Spoofing a message author via a crafted S/MIME message

Reporter
Falko Strenzke
Impact
moderate
Description

A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted message. Previous versions had only suppressed showing a digital signature for messages with an outer multipart/signed layer.

References