CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 98.4%
Issue Overview:
libical: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703)
libical: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706)
Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708)
libical: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705)
libical: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704)
Mozilla: Type confusion in Array.pop (CVE-2019-11707)
Affected Packages:
thunderbird
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update thunderbird to update your system.
New Packages:
src:
thunderbird-60.7.2-2.amzn2.0.1.src
x86_64:
thunderbird-60.7.2-2.amzn2.0.1.x86_64
thunderbird-debuginfo-60.7.2-2.amzn2.0.1.x86_64
Red Hat: CVE-2019-11703, CVE-2019-11704, CVE-2019-11705, CVE-2019-11706, CVE-2019-11707, CVE-2019-11708
Mitre: CVE-2019-11703, CVE-2019-11704, CVE-2019-11705, CVE-2019-11706, CVE-2019-11707, CVE-2019-11708
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 2 | x86_64 | thunderbird | < 60.7.2-2.amzn2.0.1 | thunderbird-60.7.2-2.amzn2.0.1.x86_64.rpm |
Amazon Linux | 2 | x86_64 | thunderbird-debuginfo | < 60.7.2-2.amzn2.0.1 | thunderbird-debuginfo-60.7.2-2.amzn2.0.1.x86_64.rpm |