PT-2019-5249 · Mozilla+3 · Thunderbird+3

Falko Strenzke

Publicado

2019-09-25

Atualizado

2024-06-15

CVE-2019-11755

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 68.1.1

Description The issue is related to insufficient input validation in the handling of S/MIME messages. Specifically, a crafted message with an inner encryption layer and an outer SignedData layer could be shown as having a valid digital signature, even if the signer did not have access to the encrypted message's contents. This could potentially allow a remote attacker to compromise data integrity.

Recommendations For Thunderbird versions prior to 68.1.1, update to version 68.1.1 or later to resolve the issue.

Correção

RCE

Improper Verification of Cryptographic Signature

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-347

Identificadores relacionados

ALT-PU-2020-1166

ALT-PU-2020-1515

BDU:2020-02040

CVE-2019-11755

DLA-1997-1

DSA-4571-1

DSA-4571-2

MGASA-2019-0292

OPENSUSE-SU-2019:2248-1

OPENSUSE-SU-2019:2249-1

OPENSUSE-SU-2019_2248-1

OPENSUSE-SU-2019_2249-1

OPENSUSE-SU-2024:10601-1

SUSE-SU-2019:2515-1

USN-4202-1

USN-4202-2

USN-4335-1

Produtos afetados

Alt Linux

Suse

Thunderbird

Ubuntu

PT-2019-5249 · Mozilla+3 · Thunderbird+3

CVE-2019-11755

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 495