CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
85.9%
The updated thunderbird packages fix security issues: Covert Content Attack on S/MIME encryption using a crafted multipart/ alternative message. (CVE-2019-11739) Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9. (CVE-2019-11740) Same-origin policy violation with SVG filters and canvas to steal cross-origin images. (CVE-2019-11742) Cross-origin access to unload event attributes. (CVE-2019-11743) XSS by breaking out of title and textarea elements using innerHTML. (CVE-2019-11744) Use-after-free while manipulating video. (CVE-2019-11746) Use-after-free while extracting a key value in IndexedDB. (CVE-2019-11752)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 7 | noarch | thunderbird | < 68.1.0-1.1 | thunderbird-68.1.0-1.1.mga7 |
Mageia | 7 | noarch | thunderbird-l10n | < 68.1.0-1 | thunderbird-l10n-68.1.0-1.mga7 |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
85.9%