Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2019-11739

Published: 27/09/2019 Updated: 24/08/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Thunderbird

Vulnerability Summary

It exists that encrypted S/MIME parts in a multipart message can leak plaintext contents when included in a HTML reply or forward in some circumstances. If a user were tricked in to replying to or forwarding a specially crafted message, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11739)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla thunderbird

Vendor Advisories

Ubuntu Security Notice: thunderbird vulnerabilities
Several security issues were fixed in Thunderbird ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Debian Security Advisories: DSA-4523-1 thunderbird -- security update
Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, information disclosure and a covert content attack on S/MIME encryption using a crafted multipart/alternative message For the oldstable distribution (stretch), these problems have been fixed in version 1: ...
Amazon Linux 2: ALAS2-2019-1304
Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward This vulnerability affects Thunderbird < 681 and Thunderbird < 609 (CVE-2019-11739) A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canv ...
Mozilla: Security vulnerabilities fixed in - Thunderbird 60.9
Mozilla Foundation Security Advisory 2019-29 Security vulnerabilities fixed in - Thunderbird 609 Announced September 6, 2019 Impact high Products Thunderbird Fixed in Thunderbird 609 ...
Mozilla: Security vulnerabilities fixed in - Thunderbird 68.1
Mozilla Foundation Security Advisory 2019-30 Security vulnerabilities fixed in - Thunderbird 681 Announced September 11, 2019 Impact high Products Thunderbird Fixed in Thunderbird 681 ...

References

CWE-319https://www.mozilla.org/security/advisories/mfsa2019-29/https://www.mozilla.org/security/advisories/mfsa2019-30/https://bugzilla.mozilla.org/show_bug.cgi?id=1571481http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.htmlhttps://usn.ubuntu.com/4150-1/https://usn.ubuntu.com/4150-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook