CVE-2019-11706

CVE-2019-11706 is a type confusion in Thunderbird’s libical implementation, specifically icaltimezone_get_vtimezone_properties, triggered by certain emails and leading to a crash in Thunderbird

Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20190627)

Security Fixes : - Mozilla: Type confusion in Array.pop CVE-2019-11707 - thunderbird: Stack buffer overflow in icalrecuraddbydayrules in icalrecur.c CVE-2019-11705 - Mozilla: Sandbox escape using Prompt:Open CVE-2019-11708 - thunderbird: Heap buffer over read in icalparser.c parsergetnextchar...

libical: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c

A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezonegetvtimezoneproperties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird 60.7.1...

openSUSE Security Update : MozillaThunderbird (openSUSE-2019-1583)

This update for MozillaThunderbird fixes the following security issues : - CVE-2019-11703: Fixed a heap-based buffer overflow in icalmemorystrdupanddequote bsc1137595. - CVE-2019-11704: Fixed a heap-based buffer overflow in parsergetnextchar bsc1137595. - CVE-2019-11705: Fixed a stack-based buffe...