Amazon Linux 2 : thunderbird (ALAS-2018-1032)

The following CVEs are fixed in the updated thunderbird package : CVE-2018-5161 : Hang via malformed headers CVE-2018-5162 : Encrypted mail leaks plaintext through src attribute CVE-2018-5183 : Backport critical security fixes in Skia CVE-2018-5155 : Use-after-free with SVG animations and text...

CVE-2018-5184

Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

DEBIAN-CVE-2018-5184

Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

CVE-2017-5448

An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin GMP sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data with...

Design/Logic Flaw

Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

CVE-2018-5152

WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firef...

CVE-2018-5184

Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

CVE-2018-4227

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration...

Code injection

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration...

CVE-2018-4227

CVE-2018-4227 affects Apple Mail in iOS prior to 11.4 and macOS prior to 10.13.5, enabling remote attackers to read the cleartext contents of S/MIME encrypted messages via direct exfiltration. The Apple advisory notes the issue relates to handling of S/MIME and MIME isolation within Mail, with mi...

CVE-2018-4227

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration...

E-Mail Vulnerabilities and Disclosure

Last week, researchers disclosed vulnerabilities in a large number of encrypted e-mail clients: specifically, those that use OpenPGP and S/MIME, including Thunderbird and AppleMail. These are serious vulnerabilities: An attacker who can alter mail sent to a vulnerable client can trick that client...

Apple Mac OS X Security Updates (HT208849)-01

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2018-0261 Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 CVE-2018-5150. Mozilla: Use-after-free with SVG animations and clip paths CVE-2018-5154. Mozilla: Use-after-free with SVG animations and text paths CVE-2018-5155. Mozill...

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 CVE-2018-5150. Mozilla: Use-after-free with SVG animations and clip paths CVE-2018-5154. Mozilla: Use-after-free with SVG animations and text paths CVE-2018-5155. Mozill...

CentOS 7 : thunderbird (CESA-2018:1725)

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

SEVered Attack Extracts the Memory of AMD-Encrypted VMs

UPDATE Virtual machines that use AMD’s Secure Encrypted Virtualization SEV, a hardware-based encryption scheme, have been found to be vulnerable to the same malicious hypervisor attacks that can affect all processors. A successful attack can extract the full contents of their main memory in...

Debian DLA-1382-1 : thunderbird security update

Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails. For Debian 7 'Wheezy', these problems have been fixed in version 1:52.8.0-1deb7u1. We recommend that you upgrade your thunderbird packages...

SUSE-SU-2018:1448-1 Security update for openstack-nova

This update for openstack-nova fixes the following bugs and security issues: The following security-issue has been fixed: - CVE-2017-18191: libvirt: Block swap volume attempts with encrypted volumes. bsc1081685 Additionally, the following bugs have been fixed: - Set TasksMax to infinity for...

Researchers Defeat AMD's SEV Virtual Machine Encryption

German security researchers claim to have found a new practical attack against virtual machines VMs protected using AMD's Secure Encrypted Virtualization SEV technology that could allow attackers to recover plaintext memory data from guest VMs. AMD's Secure Encrypted Virtualization SEV technology...