Home

CVE-2019-11739

Description

Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 68.1 and Thunderbird < 60.9.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.266

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are fixed in Mozilla Thunderbird For Mac (68.10.0)Mac
Multiple vulnerabilities are fixed in Mozilla Thunderbird For Mac 60.9Mac
Multiple Vulnerabilities are affected in Mozilla Thunderbird for Mac 60.9Mac
Multiple Vulnerabilities are affected in Mozilla Thunderbird for Mac 68.1Mac
thunderbird security update(DSA-4523-1) thunderbird_60.9.0-1~deb9u1_i386.debLinux
thunderbird security update(DSA-4523-1) thunderbird_60.9.0-1~deb9u1_amd64.debLinux
thunderbird security update(DSA-4523-1) thunderbird_60.9.0-1~deb10u1_amd64.debLinux
(RHSA-2019:2773) thunderbird security update thunderbird-60.9.0-1.el7_7.x86_64.rpmLinux
(RHSA-2019:2774) thunderbird security update thunderbird-60.9.0-2.el8_0.x86_64.rpmLinux
(RHSA-2019:2774) thunderbird security update thunderbird-debugsource-60.9.0-2.el8_0.x86_64.rpmLinux
(RHSA-2019:2807) thunderbird security update thunderbird-60.9.0-1.el6_10.i686.rpmLinux
(RHSA-2019:2807) thunderbird security update thunderbird-60.9.0-1.el6_10.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-611353Mozilla Thunderbird For Mac (128.12.0)
PATCH-611807Mozilla Thunderbird For Mac (142.0)
PATCH-611807Mozilla Thunderbird For Mac (142.0)
PATCH-611807Mozilla Thunderbird For Mac (142.0)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234