CVE-2019-11707 – Mozilla Firefox and Thunderbird Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2019-11707
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
• https://www.exploit-db.com/exploits/47038
• https://www.exploit-db.com/exploits/50691
• https://github.com/vigneshsrao/CVE-2019-11707
• https://bugzilla.mozilla.org/show_bug.cgi?id=1544386
• https://security.gentoo.org/glsa/201908-12
• https://www.mozilla.org/security/advisories/mfsa2019-18
• https://www.mozilla.org/security/advisories/mfsa2019-20
• https://access.redhat.com/security/cve/CVE-2019-11707
• https://bugzilla.redhat.com/show_bug.cgi?id=1721789
• CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2019-11706 – Thunderbird ESR < 60.7.XXX - Type Confusion
https://notcve.org/view.php?id=CVE-2019-11706
A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1.
• https://www.exploit-db.com/exploits/47001
• https://bugzilla.mozilla.org/show_bug.cgi?id=1555646
• https://security.gentoo.org/glsa/201908-20
• https://www.mozilla.org/security/advisories/mfsa2019-17
• https://access.redhat.com/security/cve/CVE-2019-11706
• https://bugzilla.redhat.com/show_bug.cgi?id=1720011
• CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2019-11703 – Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow
https://notcve.org/view.php?id=CVE-2019-11703
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
• https://www.exploit-db.com/exploits/47003
• https://bugzilla.mozilla.org/show_bug.cgi?id=1553820
• https://security.gentoo.org/glsa/201908-20
• https://www.mozilla.org/security/advisories/mfsa2019-17
• https://access.redhat.com/security/cve/CVE-2019-11703
• https://bugzilla.redhat.com/show_bug.cgi?id=1720001
• CWE-122: Heap-based Buffer Overflow
• CWE-787: Out-of-bounds Write
CVE-2019-11704 – Thunderbird ESR < 60.7.XXX - 'icalmemory_strdup_and_dequote' Heap-Based Buffer Overflow
https://notcve.org/view.php?id=CVE-2019-11704
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
• https://www.exploit-db.com/exploits/47002
• https://bugzilla.mozilla.org/show_bug.cgi?id=1553814
• https://security.gentoo.org/glsa/201908-20
• https://www.mozilla.org/security/advisories/mfsa2019-17
• https://access.redhat.com/security/cve/CVE-2019-11704
• https://bugzilla.redhat.com/show_bug.cgi?id=1720006
• CWE-122: Heap-based Buffer Overflow
• CWE-787: Out-of-bounds Write
CVE-2019-11705 – Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow
https://notcve.org/view.php?id=CVE-2019-11705
A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
• https://www.exploit-db.com/exploits/47004
• https://bugzilla.mozilla.org/show_bug.cgi?id=1553808
• https://security.gentoo.org/glsa/201908-20
• https://www.mozilla.org/security/advisories/mfsa2019-17
• https://access.redhat.com/security/cve/CVE-2019-11705
• https://bugzilla.redhat.com/show_bug.cgi?id=1720008
• CWE-121: Stack-based Buffer Overflow
• CWE-787: Out-of-bounds Write