Plugins Database As of 12-09-2019

Mozilla Thunderbird Security Updates(mfsa_2019-32_2019-35)-Windows

General
Impact by CVSS Score
  • ID: 1.3.6.1.4.1.25623.1.0.815816

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Summary:
This host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities.

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
Multiple flaws exist due to, - A heap overflow error in expat library in XML_GetCurrentLineNumber. - An use-after-free error when creating index updates in IndexedDB. - A memory corruption error in the accessibility engine. - Multiple stack buffer overflow errors in HKDF output and WebRTC networking. - An unintended access to a privileged JSONView object. - The document.domain-based origin isolation has same-origin-property violation. - Failure to correctly handle null bytes when processing HTML entities.

Impact:
Successful exploitation allow attackers to cause denial of service, run arbitrary code and bypass security restrictions.

Affected Versions:
Mozilla Thunderbird version before 68.2 on Windows.

Recommendations:
Upgrade to Mozilla Thunderbird version 68.2 Please see the references for more information.

Solution Type:
Vendor Patch

Detection Type:
Windows Registry

Search
Severity
High
CVSS Score
7.5
Published
2019-10-25 10:27:09
Modified
2019-10-25 11:55:21
CVE
CVE-2019-15903
CVE-2019-11757
CVE-2019-11758
CVE-2019-11759
CVE-2019-11760
CVE-2019-11761
CVE-2019-11762
CVE-2019-11763
CVE-2019-11764

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.