25 matches found
CVE-2018-18513
A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service DOS attack because Thunderbird reopens the last seen message on restart, triggering the crash again. This vulnerability affects Thunderbird 60.5...
EUVD-2018-10238
Malware in sbrugna...
EUVD-2006-7227
Malware in sbrugna...
EUVD-2014-8913
Malware in sbrugna...
EUVD-2012-1195
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2012-1165
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mimeparamcmp function in crypto/asn1/asnmime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service NULL...
Oracle Linux 5 : openssl (ELSA-2009-1335)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-1335 advisory. - fix CVE-2009-1386 CVE-2009-1387 DTLS DoS problems 503685, 503688 - fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 DTLS DoS problems 501253, 501254,...
CVE-2021-43529
Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS...
OPENSUSE-SU-2021:0387-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.8 fixed: Importing an address book from a CSV file always reported an error fixed: Security information for S/MIME messages was not displayed correctly prior to a draft being saved fixed: Calendar: FileLink UI...
Ubuntu 16.04 LTS : Thunderbird vulnerabilities (USN-4335-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4335-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an...
CVE-2019-11755
A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted...
Security fix for the ALT Linux 10 package thunderbird version 68.1.2-alt1
Oct. 13, 2019 Andrey Cherepanov 68.1.2-alt1 - New version 68.1.2. - Fixed: + CVE-2019-11739 Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message + CVE-2019-11746 Use-after-free while manipulating video + CVE-2019-11744 XSS by breaking out of title and textarea...
Code injection
A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted...
CVE-2019-11755
A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted...
CVE-2019-11755
A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted...
Code injection
A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service DOS attack because Thunderbird reopens the last seen message on restart, triggering the crash again. This vulnerability affects Thunderbird 60.5...
CVE-2014-9087
Integer underflow in the ksbaoidtostr function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service crash via a crafted OID in a 1 S/MIME message or 2 ECC based OpenPGP data, which triggers a buffer overflow...
CVE-2014-9087
Integer underflow in the ksbaoidtostr function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service crash via a crafted OID in a 1 S/MIME message or 2 ECC based OpenPGP data, which triggers a buffer overflow...
UBUNTU-CVE-2014-9087
Integer underflow in the ksbaoidtostr function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service crash via a crafted OID in a 1 S/MIME message or 2 ECC based OpenPGP data, which triggers a buffer overflow...
SOL15349 - OpenSSL 0.9.8t Denial of Service via S/MIME msg vulnerability CVE-2006-7250
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...