7 matches found
CentOS 7 : thunderbird (RHSA-2020:2906)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2906 advisory. - Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially...
Information Disclosure
Thunderbird is vulnerable to information disclosure. An attacker is able to intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and sends a crafted response, of which Thunderbird will responds with username and password...
RHEL 8 : thunderbird (RHSA-2020:3046)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3046 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.10.0. Security Fixes: Mozilla:...
CVE-2020-15646
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...
Mozilla: Automatic account setup leaks Microsoft Exchange login credentials
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...
Mozilla: Automatic account setup leaks Microsoft Exchange login credentials
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...
Security fix for the ALT Linux 10 package thunderbird version 68.10.0-alt1
July 13, 2020 Andrey Cherepanov 68.10.0-alt1 - New version 68.10.0. - Fixes: + CVE-2020-12417 Memory corruption due to missing sign-extension for ValueTags on ARM64 + CVE-2020-12418 Information disclosure due to manipulated URL object + CVE-2020-12419 Use-after-free in nsGlobalWindowInner +...