Kaspersky LabKLA11510

HistoryJun 20, 2019 - 12:00 a.m.

KLA11510 Multiple vulnerabilities in Mozilla Thunderbird

2019-06-2000:00:00

Kaspersky Lab

threats.kaspersky.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.764 High

EPSS

Percentile

98.1%

JSON

Detect date:

06/20/2019

Severity:

High

Description:

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

Mozilla Thunderbird versions earlier then 60.7.2

Solution:

Update to the latest version
Download Mozilla Thunderbird

Original advisories:

Mozilla Foundation Security Advisory 2019-20

Impacts:

ACE

Related products:

Mozilla Thunderbird

CVE-IDS:

CVE-2019-11707

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11707

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/class/Exploit/

threats.kaspersky.com/en/product/Mozilla-Thunderbird/

www.mozilla.org/en-US/security/advisories/mfsa2019-20/

www.mozilla.org/en-US/thunderbird/

nessus 66

redhatcve 1

osv 5

slackware 2

cve 1

openvas 39

archlinux 2

githubexploit 2

prion 1

ibm 3

ubuntucve 1

ubuntu 2

alpinelinux 1

cisa_kev 1

zdt 2

attackerkb 1

threatpost 7

veracode 1

debian 4

checkpoint_advisories 1

suse 4

thn 3

fedora 4

packetstorm 2

debiancve 1

mageia 3

freebsd 2

altlinux 2

kaspersky 2

mozilla 2

oraclelinux 6

centos 4

redhat 6

exploitdb 1

amazon 1

googleprojectzero 1

securelist 1

gentoo 1

kitploit 1

nessus

Fedora 30 : firefox (2019-2cac67b3bc)

2019-06-20 00:00:00

Slackware 14.2 / current : mozilla-thunderbird (SSA:2019-172-02)

2019-06-21 00:00:00

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:1629-1)

2019-06-24 00:00:00

redhatcve

CVE-2019-11707

2022-01-13 06:46:43

osv

firefox-esr - security update

2019-06-18 00:00:00

CVE-2019-11707

2019-07-23 14:15:15

firefox-esr - security update

2019-06-20 00:00:00

slackware

[slackware-security] mozilla-firefox

2019-06-18 22:33:29

[slackware-security] mozilla-thunderbird

2019-06-21 06:54:55

cve

CVE-2019-11707

2019-07-23 14:15:00

openvas

Huawei EulerOS: Security Advisory for mozjs60 (EulerOS-SA-2024-1550)

2024-04-22 00:00:00

Mozilla Firefox Security Advisories (MFSA2019-17, MFSA2019-18) - Windows

2019-06-19 00:00:00

Debian: Security Advisory (DLA-1829-1)

2019-06-21 00:00:00

archlinux

[ASA-201906-19] firefox-developer-edition: arbitrary code execution

2019-06-19 00:00:00

[ASA-201906-18] firefox: arbitrary code execution

2019-06-19 00:00:00

githubexploit

Exploit for Type Confusion in Mozilla Thunderbird

2019-08-18 07:41:01

Exploit for Type Confusion in Mozilla Thunderbird

2020-04-13 15:11:46

prion

Type confusion

2019-07-23 14:15:00

ibm

Security Bulletin: Mozilla Firefox vulnerability in IBM SONAS (CVE-2019-11707)

2019-07-09 18:05:01

Security Bulletin: One vulnerability of Mozzila Firefox (less than Firefox 60.7.1 ESR) has affected Synthetic Playback Agent 8.1.4.0 - 8.1.4 IF07

2019-12-20 08:47:33

Security Bulletin: WebSphere Cast Iron and App Connect Professional are affected by vulnerabilities in busybox, arpwatch, apr, acpid, augeas, firefox, ctdb.

2021-12-15 07:41:22

ubuntucve

CVE-2019-11707

2019-06-19 00:00:00

ubuntu

Firefox vulnerability

2019-06-19 00:00:00

Thunderbird vulnerabilities

2019-07-01 00:00:00

alpinelinux

CVE-2019-11707

2019-07-23 14:15:00

cisa_kev

Mozilla Firefox and Thunderbird Type Confusion Vulnerability

2022-05-23 00:00:00

zdt

Mozilla Spidermonkey - IonMonkey (Array.prototype.pop) Type Confusion Exploit

2019-06-26 00:00:00

Mozilla Firefox 67 - Array.pop JIT Type Confusion Exploit

2022-02-02 00:00:00

attackerkb

CVE-2019-11707

2019-07-23 00:00:00

threatpost

“Unbreakable” Smart Lock Tapplock Issues Critical Security Patch

2018-06-18 20:57:25

Pinterest Browser Extension Injects Unwanted Code into 5K Websites

2018-07-25 19:36:57

Mozilla Patches Firefox Critical Flaw Under Active Attack

2019-06-19 12:57:20

veracode

Denial Of Service (DoS)

2019-07-01 00:15:21

debian

[SECURITY] [DSA 4466-1] firefox-esr security update

2019-06-18 21:21:07

[SECURITY] [DLA 1829-1] firefox-esr security update

2019-06-20 09:28:45

[SECURITY] [DSA 4471-1] thunderbird security update

2019-06-24 21:20:35

checkpoint_advisories

Mozilla Firefox Type Confusion (CVE-2019-11707)

2019-06-27 00:00:00

suse

Security update for MozillaFirefox (important)

2019-06-23 00:00:00

Security update for MozillaThunderbird (critical)

2019-06-23 00:00:00

Security update for MozillaThunderbird (important)

2019-06-24 00:00:00

thn

Tor Browser 8.5.2 Released — Update to Fix Critical Firefox Vulnerability

2019-06-20 09:57:00

Firefox Releases Critical Patch Update to Stop Ongoing Zero-Day Attacks

2019-06-19 02:59:00

Firefox 67.0.4 Released — Mozilla Patches Second 0-Day Flaw This Week

2019-06-21 09:11:00

fedora

[SECURITY] Fedora 29 Update: firefox-67.0.3-1.fc29

2019-06-21 00:25:34

[SECURITY] Fedora 30 Update: firefox-67.0.3-1.fc30

2019-06-19 22:51:04

[SECURITY] Fedora 30 Update: gjs-1.56.2-4.fc30

2019-06-24 00:56:59

packetstorm

Spidermonkey IonMonkey Incorrect Prediction

2019-06-25 00:00:00

Mozilla Firefox 67 Array.pop JIT Type Confusion

2022-02-02 00:00:00

debiancve

CVE-2019-11707

2019-07-23 14:15:00

mageia

Updated firefox packages fix security vulnerability

2019-06-21 04:07:01

Updated thunderbird packages fix security vulnerabilities

2019-07-02 16:09:27

Updated mozjs60 packages fix security vulnerability

2020-01-05 18:37:51

freebsd

mozilla -- multiple vulnerabilities

2019-06-18 00:00:00

Mozilla -- multiple vulnerabilities

2019-06-20 00:00:00

altlinux

Security fix for the ALT Linux 10 package firefox-esr version 60.7.1-alt1

2019-06-18 00:00:00

Security fix for the ALT Linux 10 package thunderbird version 60.7.2-alt1

2019-06-22 00:00:00

kaspersky

KLA11508 Type confusion vulnerability in Mozilla Firefox ESR

2019-06-18 00:00:00

KLA11507 Type confusion vulnerability in Mozilla Firefox

2019-06-18 00:00:00

mozilla

Security vulnerabilities fixed in Firefox 67.0.3 and Firefox ESR 60.7.1 — Mozilla

2019-06-18 00:00:00

Security vulnerabilities fixed in Thunderbird 60.7.2 — Mozilla

2019-06-20 00:00:00

oraclelinux

firefox security update

2019-06-26 00:00:00

firefox security update

2019-06-25 00:00:00

firefox security update

2019-07-30 00:00:00

centos

firefox security update

2019-07-01 15:53:24

firefox security update

2019-07-01 15:56:37

thunderbird security update

2019-07-01 15:57:35

redhat

(RHSA-2019:1696) Critical: firefox security update

2019-07-08 08:01:28

(RHSA-2019:1603) Critical: firefox security update

2019-06-25 16:27:43

(RHSA-2019:1604) Critical: firefox security update

2019-06-25 16:27:56

exploitdb

Mozilla Firefox 67 - Array.pop JIT Type Confusion

2022-02-02 00:00:00

amazon

Critical: thunderbird

2019-07-18 18:17:00

googleprojectzero

Root Cause Analyses for 0-day In-the-Wild Exploits

2020-07-29 00:00:00

securelist

IT threat evolution Q2 2019. Statistics

2019-08-19 10:00:00

gentoo

Mozilla Firefox: Multiple vulnerabilities

2019-08-15 00:00:00

kitploit

Fuzzilli - A JavaScript Engine Fuzzer

2020-11-21 20:30:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.764 High

EPSS

Percentile

98.1%

JSON

Related for KLA11510