PT-2019-5249 · Mozilla+3 · Thunderbird+3

Falko Strenzke · Published 2019-09-25 · Updated 2024-06-15 · CVE-2019-11755

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Thunderbird versions prior to 68.1.1

Description

The issue is related to insufficient input validation in the handling of S/MIME messages. Specifically, a crafted message with an inner encryption layer and an outer SignedData layer could be shown as having a valid digital signature, even if the signer did not have access to the encrypted message's contents. This could potentially allow a remote attacker to compromise data integrity.

Recommendations

For Thunderbird versions prior to 68.1.1, update to version 68.1.1 or later to resolve the issue.

Fix

RCE

Improper Verification of Cryptographic Signature

Weakness Enumeration

Related Identifiers

ALT-PU-2020-1166
ALT-PU-2020-1515
BDU:2020-02040
CVE-2019-11755
DLA-1997-1
DSA-4571-1
DSA-4571-2
MGASA-2019-0292
OPENSUSE-SU-2019:2248-1
OPENSUSE-SU-2019:2249-1
OPENSUSE-SU-2019_2248-1
OPENSUSE-SU-2019_2249-1
OPENSUSE-SU-2024:10601-1
SUSE-SU-2019:2515-1
USN-4202-1
USN-4202-2
USN-4335-1

Affected Products

Alt Linux
Suse
Thunderbird
Ubuntu