CVE-2019-11705 – Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow
https://notcve.org/view.php?id=CVE-2019-11705
A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
• https://www.exploit-db.com/exploits/47004
• https://bugzilla.mozilla.org/show_bug.cgi?id=1553808
• https://security.gentoo.org/glsa/201908-20
• https://www.mozilla.org/security/advisories/mfsa2019-17
• https://access.redhat.com/security/cve/CVE-2019-11705
• https://bugzilla.redhat.com/show_bug.cgi?id=1720008
• CWE-121: Stack-based Buffer Overflow
• CWE-787: Out-of-bounds Write

CVE-2019-11706 – Thunderbird ESR < 60.7.XXX - Type Confusion
https://notcve.org/view.php?id=CVE-2019-11706
A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1.
• https://www.exploit-db.com/exploits/47001
• https://bugzilla.mozilla.org/show_bug.cgi?id=1555646
• https://security.gentoo.org/glsa/201908-20
• https://www.mozilla.org/security/advisories/mfsa2019-17
• https://access.redhat.com/security/cve/CVE-2019-11706
• https://bugzilla.redhat.com/show_bug.cgi?id=1720011
• CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVE-2019-11703 – Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow
https://notcve.org/view.php?id=CVE-2019-11703
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
• https://www.exploit-db.com/exploits/47003
• https://bugzilla.mozilla.org/show_bug.cgi?id=1553820
• https://security.gentoo.org/glsa/201908-20
• https://www.mozilla.org/security/advisories/mfsa2019-17
• https://access.redhat.com/security/cve/CVE-2019-11703
• https://bugzilla.redhat.com/show_bug.cgi?id=1720001
• CWE-122: Heap-based Buffer Overflow
• CWE-787: Out-of-bounds Write

CVE-2019-11704 – Thunderbird ESR < 60.7.XXX - 'icalmemory_strdup_and_dequote' Heap-Based Buffer Overflow
https://notcve.org/view.php?id=CVE-2019-11704
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
• https://www.exploit-db.com/exploits/47002
• https://bugzilla.mozilla.org/show_bug.cgi?id=1553814
• https://security.gentoo.org/glsa/201908-20
• https://www.mozilla.org/security/advisories/mfsa2019-17
• https://access.redhat.com/security/cve/CVE-2019-11704
• https://bugzilla.redhat.com/show_bug.cgi?id=1720006
• CWE-122: Heap-based Buffer Overflow
• CWE-787: Out-of-bounds Write

CVE-2019-11693 – Mozilla: Buffer overflow in WebGL bufferdata on Linux
https://notcve.org/view.php?id=CVE-2019-11693
The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1532525
• https://www.mozilla.org/security/advisories/mfsa2019-13
• https://www.mozilla.org/security/advisories/mfsa2019-14
• https://www.mozilla.org/security/advisories/mfsa2019-15
• https://access.redhat.com/security/cve/CVE-2019-11693
• https://bugzilla.redhat.com/show_bug.cgi?id=1712619
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-787: Out-of-bounds Write