ID

VAR-202001-1433


CVE

CVE-2019-11745


TITLE

Ubuntu Security Notice USN-4203-2

Trust: 0.1

sources: PACKETSTORM: 155487

DESCRIPTION

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

7.5) - ppc64, ppc64le, s390x, x86_64 3.

Red Hat Security Advisory

Synopsis: Important: nss, nss-softokn, nss-util security update
Advisory ID: RHSA-2019:4190-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:4190
Issue date: 2019-12-10
CVE Names: CVE-2019-11729 CVE-2019-11745

1. Summary:

An update for nss, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries.

Security Fix(es):

* nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745)

* nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, applications using NSS (for example, Firefox) must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1728437 - CVE-2019-11729 nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault
1774831 - CVE-2019-11745 nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate

6. Package List:

Red Hat Enterprise Linux Client (v.
7): Source: nss-3.44.0-7.el7_7.src.rpm nss-softokn-3.44.0-8.el7_7.src.rpm nss-util-3.44.0-4.el7_7.src.rpm x86_64: nss-3.44.0-7.el7_7.i686.rpm nss-3.44.0-7.el7_7.x86_64.rpm nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-softokn-3.44.0-8.el7_7.i686.rpm nss-softokn-3.44.0-8.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm nss-sysinit-3.44.0-7.el7_7.x86_64.rpm nss-tools-3.44.0-7.el7_7.x86_64.rpm nss-util-3.44.0-4.el7_7.i686.rpm nss-util-3.44.0-4.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-devel-3.44.0-7.el7_7.i686.rpm nss-devel-3.44.0-7.el7_7.x86_64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm nss-util-devel-3.44.0-4.el7_7.i686.rpm nss-util-devel-3.44.0-4.el7_7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 
7): Source: nss-3.44.0-7.el7_7.src.rpm nss-softokn-3.44.0-8.el7_7.src.rpm nss-util-3.44.0-4.el7_7.src.rpm x86_64: nss-3.44.0-7.el7_7.i686.rpm nss-3.44.0-7.el7_7.x86_64.rpm nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-softokn-3.44.0-8.el7_7.i686.rpm nss-softokn-3.44.0-8.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm nss-sysinit-3.44.0-7.el7_7.x86_64.rpm nss-tools-3.44.0-7.el7_7.x86_64.rpm nss-util-3.44.0-4.el7_7.i686.rpm nss-util-3.44.0-4.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-devel-3.44.0-7.el7_7.i686.rpm nss-devel-3.44.0-7.el7_7.x86_64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm nss-util-devel-3.44.0-4.el7_7.i686.rpm nss-util-devel-3.44.0-4.el7_7.x86_64.rpm Red Hat Enterprise Linux Server (v. 
7): Source: nss-3.44.0-7.el7_7.src.rpm nss-softokn-3.44.0-8.el7_7.src.rpm nss-util-3.44.0-4.el7_7.src.rpm ppc64: nss-3.44.0-7.el7_7.ppc.rpm nss-3.44.0-7.el7_7.ppc64.rpm nss-debuginfo-3.44.0-7.el7_7.ppc.rpm nss-debuginfo-3.44.0-7.el7_7.ppc64.rpm nss-devel-3.44.0-7.el7_7.ppc.rpm nss-devel-3.44.0-7.el7_7.ppc64.rpm nss-softokn-3.44.0-8.el7_7.ppc.rpm nss-softokn-3.44.0-8.el7_7.ppc64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.ppc.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.ppc64.rpm nss-softokn-devel-3.44.0-8.el7_7.ppc.rpm nss-softokn-devel-3.44.0-8.el7_7.ppc64.rpm nss-softokn-freebl-3.44.0-8.el7_7.ppc.rpm nss-softokn-freebl-3.44.0-8.el7_7.ppc64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.ppc.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.ppc64.rpm nss-sysinit-3.44.0-7.el7_7.ppc64.rpm nss-tools-3.44.0-7.el7_7.ppc64.rpm nss-util-3.44.0-4.el7_7.ppc.rpm nss-util-3.44.0-4.el7_7.ppc64.rpm nss-util-debuginfo-3.44.0-4.el7_7.ppc.rpm nss-util-debuginfo-3.44.0-4.el7_7.ppc64.rpm nss-util-devel-3.44.0-4.el7_7.ppc.rpm nss-util-devel-3.44.0-4.el7_7.ppc64.rpm ppc64le: nss-3.44.0-7.el7_7.ppc64le.rpm nss-debuginfo-3.44.0-7.el7_7.ppc64le.rpm nss-devel-3.44.0-7.el7_7.ppc64le.rpm nss-softokn-3.44.0-8.el7_7.ppc64le.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.ppc64le.rpm nss-softokn-devel-3.44.0-8.el7_7.ppc64le.rpm nss-softokn-freebl-3.44.0-8.el7_7.ppc64le.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.ppc64le.rpm nss-sysinit-3.44.0-7.el7_7.ppc64le.rpm nss-tools-3.44.0-7.el7_7.ppc64le.rpm nss-util-3.44.0-4.el7_7.ppc64le.rpm nss-util-debuginfo-3.44.0-4.el7_7.ppc64le.rpm nss-util-devel-3.44.0-4.el7_7.ppc64le.rpm s390x: nss-3.44.0-7.el7_7.s390.rpm nss-3.44.0-7.el7_7.s390x.rpm nss-debuginfo-3.44.0-7.el7_7.s390.rpm nss-debuginfo-3.44.0-7.el7_7.s390x.rpm nss-devel-3.44.0-7.el7_7.s390.rpm nss-devel-3.44.0-7.el7_7.s390x.rpm nss-softokn-3.44.0-8.el7_7.s390.rpm nss-softokn-3.44.0-8.el7_7.s390x.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.s390.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.s390x.rpm 
nss-softokn-devel-3.44.0-8.el7_7.s390.rpm nss-softokn-devel-3.44.0-8.el7_7.s390x.rpm nss-softokn-freebl-3.44.0-8.el7_7.s390.rpm nss-softokn-freebl-3.44.0-8.el7_7.s390x.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.s390.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.s390x.rpm nss-sysinit-3.44.0-7.el7_7.s390x.rpm nss-tools-3.44.0-7.el7_7.s390x.rpm nss-util-3.44.0-4.el7_7.s390.rpm nss-util-3.44.0-4.el7_7.s390x.rpm nss-util-debuginfo-3.44.0-4.el7_7.s390.rpm nss-util-debuginfo-3.44.0-4.el7_7.s390x.rpm nss-util-devel-3.44.0-4.el7_7.s390.rpm nss-util-devel-3.44.0-4.el7_7.s390x.rpm x86_64: nss-3.44.0-7.el7_7.i686.rpm nss-3.44.0-7.el7_7.x86_64.rpm nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-devel-3.44.0-7.el7_7.i686.rpm nss-devel-3.44.0-7.el7_7.x86_64.rpm nss-softokn-3.44.0-8.el7_7.i686.rpm nss-softokn-3.44.0-8.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm nss-sysinit-3.44.0-7.el7_7.x86_64.rpm nss-tools-3.44.0-7.el7_7.x86_64.rpm nss-util-3.44.0-4.el7_7.i686.rpm nss-util-3.44.0-4.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm nss-util-devel-3.44.0-4.el7_7.i686.rpm nss-util-devel-3.44.0-4.el7_7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): ppc64: nss-debuginfo-3.44.0-7.el7_7.ppc.rpm nss-debuginfo-3.44.0-7.el7_7.ppc64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.ppc.rpm nss-pkcs11-devel-3.44.0-7.el7_7.ppc64.rpm ppc64le: nss-debuginfo-3.44.0-7.el7_7.ppc64le.rpm nss-pkcs11-devel-3.44.0-7.el7_7.ppc64le.rpm s390x: nss-debuginfo-3.44.0-7.el7_7.s390.rpm nss-debuginfo-3.44.0-7.el7_7.s390x.rpm nss-pkcs11-devel-3.44.0-7.el7_7.s390.rpm nss-pkcs11-devel-3.44.0-7.el7_7.s390x.rpm x86_64: nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: nss-3.44.0-7.el7_7.src.rpm nss-softokn-3.44.0-8.el7_7.src.rpm nss-util-3.44.0-4.el7_7.src.rpm x86_64: nss-3.44.0-7.el7_7.i686.rpm nss-3.44.0-7.el7_7.x86_64.rpm nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-devel-3.44.0-7.el7_7.i686.rpm nss-devel-3.44.0-7.el7_7.x86_64.rpm nss-softokn-3.44.0-8.el7_7.i686.rpm nss-softokn-3.44.0-8.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm nss-sysinit-3.44.0-7.el7_7.x86_64.rpm nss-tools-3.44.0-7.el7_7.x86_64.rpm nss-util-3.44.0-4.el7_7.i686.rpm nss-util-3.44.0-4.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm nss-util-devel-3.44.0-4.el7_7.i686.rpm nss-util-devel-3.44.0-4.el7_7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-11729
https://access.redhat.com/security/cve/CVE-2019-11745
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.

RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Ubuntu Security Notice USN-4335-1
April 21, 2020

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Multiple security issues were discovered in Thunderbird.
If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503, CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6812, CVE-2020-6814, CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6825)

It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-11745)

It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. (CVE-2019-11755)

A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-15903)

It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6792)

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code.
(CVE-2020-6793, CVE-2020-6795, CVE-2020-6822)

It was discovered that if a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2020-6794)

It was discovered that the Devtools’ ‘Copy as cURL’ feature did not fully escape website-controlled data. If a user were tricked in to using the ‘Copy as cURL’ feature to copy and paste a command with specially crafted data in to a terminal, an attacker could potentially exploit this to execute arbitrary commands via command injection. (CVE-2020-6811)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
  thunderbird 1:68.7.0+build1-0ubuntu0.16.04.2

After a standard system update you need to restart Thunderbird to make all the necessary changes.

7) - aarch64, ppc64le, s390x 3.

Gentoo Linux Security Advisory GLSA 202003-02
https://security.gentoo.org/

Severity: Normal
Title: Mozilla Firefox: Multiple vulnerabilities
Date: March 12, 2020
Bugs: #702638, #705000, #709346, #712182
ID: 202003-02

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.

Background
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla Project.
Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /  Unaffected
    -------------------------------------------------------------------
  1  www-client/firefox          < 68.6.0       >= 68.6.0
  2  www-client/firefox-bin      < 68.6.0       >= 68.6.0
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-68.6.0"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-68.6.0"

References
==========

[ 1 ] CVE-2019-11745
      https://nvd.nist.gov/vuln/detail/CVE-2019-11745
[ 2 ] CVE-2019-17005
      https://nvd.nist.gov/vuln/detail/CVE-2019-17005
[ 3 ] CVE-2019-17008
      https://nvd.nist.gov/vuln/detail/CVE-2019-17008
[ 4 ] CVE-2019-17010
      https://nvd.nist.gov/vuln/detail/CVE-2019-17010
[ 5 ] CVE-2019-17011
      https://nvd.nist.gov/vuln/detail/CVE-2019-17011
[ 6 ] CVE-2019-17012
      https://nvd.nist.gov/vuln/detail/CVE-2019-17012
[ 7 ] CVE-2019-17016
      https://nvd.nist.gov/vuln/detail/CVE-2019-17016
[ 8 ] CVE-2019-17017
      https://nvd.nist.gov/vuln/detail/CVE-2019-17017
[ 9 ] CVE-2019-17022
      https://nvd.nist.gov/vuln/detail/CVE-2019-17022
[ 10 ] CVE-2019-17024
       https://nvd.nist.gov/vuln/detail/CVE-2019-17024
[ 11 ] CVE-2019-17026
       https://nvd.nist.gov/vuln/detail/CVE-2019-17026
[ 12 ] CVE-2019-20503
       https://nvd.nist.gov/vuln/detail/CVE-2019-20503
[ 13 ] CVE-2020-6796
       https://nvd.nist.gov/vuln/detail/CVE-2020-6796
[ 14 ] CVE-2020-6797
       https://nvd.nist.gov/vuln/detail/CVE-2020-6797
[ 15 ] CVE-2020-6798
       https://nvd.nist.gov/vuln/detail/CVE-2020-6798
[ 16 ] CVE-2020-6799
       https://nvd.nist.gov/vuln/detail/CVE-2020-6799
[ 17 ] CVE-2020-6800
       https://nvd.nist.gov/vuln/detail/CVE-2020-6800
[ 18 ] CVE-2020-6805
       https://nvd.nist.gov/vuln/detail/CVE-2020-6805
[ 19 ] CVE-2020-6806
       https://nvd.nist.gov/vuln/detail/CVE-2020-6806
[ 20 ] CVE-2020-6807
       https://nvd.nist.gov/vuln/detail/CVE-2020-6807
[ 21 ] CVE-2020-6811
       https://nvd.nist.gov/vuln/detail/CVE-2020-6811
[ 22 ] CVE-2020-6812
       https://nvd.nist.gov/vuln/detail/CVE-2020-6812
[ 23 ] CVE-2020-6814
       https://nvd.nist.gov/vuln/detail/CVE-2020-6814
[ 24 ] MFSA-2019-37
       https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/
[ 25 ] MFSA-2020-03
       https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/
[ 26 ] MFSA-2020-06
       https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/
[ 27 ] MFSA-2020-09
       https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202003-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

For the stable distribution (buster), these problems have been fixed in version 2:3.42.1-1+deb10u2.

We recommend that you upgrade your nss packages.
For the detailed security status of nss please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nss

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Trust: 1.89

sources: NVD: CVE-2019-11745 // VULMON: CVE-2019-11745 // PACKETSTORM: 155487 // PACKETSTORM: 157044 // PACKETSTORM: 156770 // PACKETSTORM: 155622 // PACKETSTORM: 157345 // PACKETSTORM: 157226 // PACKETSTORM: 157142 // PACKETSTORM: 156704 // PACKETSTORM: 155989 // PACKETSTORM: 155601

AFFECTED PRODUCTS

vendor: opensuse
model: leap
scope: eq
version: 15.1

Trust: 1.0

vendor: canonical
model: ubuntu linux
scope: eq
version: 18.04

Trust: 1.0

vendor: mozilla
model: firefox esr
scope: lt
version: 68.3

Trust: 1.0

vendor: canonical
model: ubuntu linux
scope: eq
version: 19.10

Trust: 1.0

vendor: siemens
model: ruggedcom rox rx1400
scope: lt
version: 2.14.0

Trust: 1.0

vendor: siemens
model: ruggedcom rox rx1512
scope: lt
version: 2.14.0

Trust: 1.0

vendor: canonical
model: ubuntu linux
scope: eq
version: 16.04

Trust: 1.0

vendor: mozilla
model: thunderbird
scope: lt
version: 68.3.0

Trust: 1.0

vendor: siemens
model: ruggedcom rox rx1510
scope: lt
version: 2.14.0

Trust: 1.0

vendor: siemens
model: ruggedcom rox rx5000
scope: lt
version: 2.14.0

Trust: 1.0

vendor: mozilla
model: firefox
scope: lt
version: 71.0

Trust: 1.0

vendor: siemens
model: ruggedcom rox rx1500
scope: lt
version: 2.14.0

Trust: 1.0

vendor: siemens
model: ruggedcom rox rx1501
scope: lt
version: 2.14.0

Trust: 1.0

vendor: siemens
model: ruggedcom rox rx1511
scope: lt
version: 2.14.0

Trust: 1.0

vendor: siemens
model: ruggedcom rox mx5000
scope: lt
version: 2.14.0

Trust: 1.0

vendor: redhat
model: enterprise linux server aus
scope: eq
version: 6.6

Trust: 1.0

vendor: debian
model: linux
scope: eq
version: 9.0

Trust: 1.0

sources: NVD: CVE-2019-11745

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11745
value: HIGH

Trust: 1.0

VULMON: CVE-2019-11745
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-11745
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

nvd@nist.gov: CVE-2019-11745
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2019-11745 // NVD: CVE-2019-11745

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

sources: NVD: CVE-2019-11745

THREAT TYPE

remote

Trust: 0.2

sources: PACKETSTORM: 155487 // PACKETSTORM: 155989

TYPE

arbitrary

Trust: 0.3

sources: PACKETSTORM: 155487 // PACKETSTORM: 156704 // PACKETSTORM: 155601

PATCH

title: Red Hat: Important: nss security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200243 - Security Advisory

Trust: 0.1

title: Red Hat: Important: nss-softokn security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201461 - Security Advisory

Trust: 0.1

title: Red Hat: Important: nss security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194114 - Security Advisory

Trust: 0.1

title: Red Hat: Important: nss-softokn security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200466 - Security Advisory

Trust: 0.1

title: Red Hat: Important: nss-softokn security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194152 - Security Advisory

Trust: 0.1

title: Red Hat: Important: nss, nss-softokn, nss-util security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194190 - Security Advisory

Trust: 0.1

title: Red Hat: Important: nss-softokn security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201345 - Security Advisory

Trust: 0.1

title: Red Hat: Important: nss-softokn security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201267 - Security Advisory

Trust: 0.1

title: Ubuntu Security Notice: nss vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4203-2

Trust: 0.1

title: Ubuntu Security Notice: nss vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4203-1

Trust: 0.1

title: Debian Security Advisories: DSA-4579-1 nss -- security update
url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=0af759a984821af0886871e7a26a298e

Trust: 0.1

title: Arch Linux Issues:
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2019-11745 log

Trust: 0.1

title: Amazon Linux 2: ALAS2-2020-1379
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1379

Trust: 0.1

title: IBM: Security Bulletin: Vulnerability in nss, nss-softokn, nss-util vulnerability (CVE-2019-11729 and CVE-2019-11745)
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=74fd642ff4a4659039a762a5a0a24106

Trust: 0.1

title: Amazon Linux 2: ALAS2-2023-1942
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2023-1942

Trust: 0.1

title: Amazon Linux 2: ALAS2-2020-1384
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1384

Trust: 0.1

title: Amazon Linux AMI: ALAS-2020-1355
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1355

Trust: 0.1

title: Ubuntu Security Notice: firefox vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4216-1

Trust: 0.1

title: Arch Linux Advisories: [ASA-201912-2] thunderbird: arbitrary code execution
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201912-2

Trust: 0.1

title: Ubuntu Security Notice: firefox vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4216-2

Trust: 0.1

title: Ubuntu Security Notice: thunderbird vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4241-1

Trust: 0.1

title: Mozilla: Security Vulnerabilities fixed in - Firefox ESR 68.3
url: https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=940e53f5eecee1395e2713b0ed07506b

Trust: 0.1

title: Mozilla: Security Vulnerabilities fixed in - Thunderbird 68.3
url: https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=dffa374fab03b4f5b5596346629ccc8c

Trust: 0.1

title: Arch Linux Advisories: [ASA-201912-1] firefox: multiple issues
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201912-1

Trust: 0.1

title: Siemens Security Advisories: Siemens Security Advisory
url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=409c1cd1b8ef401020956950fd839000

Trust: 0.1

title: Mozilla: Security Vulnerabilities fixed in - Firefox 71
url: https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=a8e439d387c58595bbdb24cc3bdadd40

Trust: 0.1

title: Ubuntu Security Notice: thunderbird vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4335-1

Trust: 0.1

title: -
url: https://github.com/vincent-deng/veracode-container-security-finding-parser

Trust: 0.1

sources: VULMON: CVE-2019-11745

EXTERNAL IDS

db: NVD
id: CVE-2019-11745

Trust: 2.1

db: ICS CERT
id: ICSA-21-040-04

Trust: 1.1

db: SIEMENS
id: SSA-379803

Trust: 1.1

db: VULMON
id: CVE-2019-11745

Trust: 0.1

db: PACKETSTORM
id: 155487

Trust: 0.1

db: PACKETSTORM
id: 157044

Trust: 0.1

db: PACKETSTORM
id: 156770

Trust: 0.1

db: PACKETSTORM
id: 155622

Trust: 0.1

db: PACKETSTORM
id: 157345

Trust: 0.1

db: PACKETSTORM
id: 157226

Trust: 0.1

db: PACKETSTORM
id: 157142

Trust: 0.1

db: PACKETSTORM
id: 156704

Trust: 0.1

db: PACKETSTORM
id: 155989

Trust: 0.1

db: PACKETSTORM
id: 155601

Trust: 0.1

sources: VULMON: CVE-2019-11745 // PACKETSTORM: 155487 // PACKETSTORM: 157044 // PACKETSTORM: 156770 // PACKETSTORM: 155622 // PACKETSTORM: 157345 // PACKETSTORM: 157226 // PACKETSTORM: 157142 // PACKETSTORM: 156704 // PACKETSTORM: 155989 // PACKETSTORM: 155601 // NVD: CVE-2019-11745

REFERENCES

url:https://access.redhat.com/errata/rhsa-2020:0243

Trust: 1.2

url:https://security.gentoo.org/glsa/202003-02

Trust: 1.2

url:https://security.gentoo.org/glsa/202003-37

Trust: 1.2

url:https://www.mozilla.org/security/advisories/mfsa2019-38/

Trust: 1.1

url:https://www.mozilla.org/security/advisories/mfsa2019-37/

Trust: 1.1

url:https://www.mozilla.org/security/advisories/mfsa2019-36/

Trust: 1.1

url:https://bugzilla.mozilla.org/show_bug.cgi?id=1586176

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html

Trust: 1.1

url:https://usn.ubuntu.com/4241-1/

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2020:0466

Trust: 1.1

url:https://security.gentoo.org/glsa/202003-10

Trust: 1.1

url:https://usn.ubuntu.com/4335-1/

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html

Trust: 1.1

url:https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf

Trust: 1.1

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11745

Trust: 1.0

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://bugzilla.redhat.com/

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-11745

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2018-0495

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-0495

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-17026

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-17022

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-17016

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-17024

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-17011

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-17012

Trust: 0.3

url:https://bugs.gentoo.org

Trust: 0.2

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.2

url:https://security.gentoo.org/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17008

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-6814

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-6798

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-6805

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-6800

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-6811

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-6812

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17005

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/4203-2/

Trust: 0.1

url:https://usn.ubuntu.com/4203-1/

Trust: 0.1

url:https://usn.ubuntu.com/4203-1

Trust: 0.1

url:https://usn.ubuntu.com/4203-2

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:1267

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-11696

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-11695

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-18508

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-11697

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-11698

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11729

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11729

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2019:4190

Trust: 0.1

url:https://usn.ubuntu.com/4335-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6821

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11761

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6825

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11764

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6822

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/thunderbird/1:68.7.0+build1-0ubuntu0.16.04.2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6794

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11755

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11759

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6792

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15903

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11760

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11763

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:1461

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:1345

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6799

Trust: 0.1

url:https://www.mozilla.org/en-us/security/advisories/mfsa2020-09/

Trust: 0.1

url:https://www.mozilla.org/en-us/security/advisories/mfsa2020-03/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6797

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17017

Trust: 0.1

url:https://www.mozilla.org/en-us/security/advisories/mfsa2020-06/

Trust: 0.1

url:https://www.mozilla.org/en-us/security/advisories/mfsa2019-37/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6806

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17010

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20503

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6796

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6807

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/thunderbird/1:68.4.1+build1-0ubuntu0.18.04.1

Trust: 0.1

url:https://usn.ubuntu.com/4241-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/thunderbird/1:68.4.1+build1-0ubuntu0.19.10.1

Trust: 0.1

url:https://security-tracker.debian.org/tracker/nss

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17007

Trust: 0.1

sources: VULMON: CVE-2019-11745 // PACKETSTORM: 155487 // PACKETSTORM: 157044 // PACKETSTORM: 156770 // PACKETSTORM: 155622 // PACKETSTORM: 157345 // PACKETSTORM: 157226 // PACKETSTORM: 157142 // PACKETSTORM: 156704 // PACKETSTORM: 155989 // PACKETSTORM: 155601 // NVD: CVE-2019-11745

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 157044 // PACKETSTORM: 155622 // PACKETSTORM: 157226 // PACKETSTORM: 157142

SOURCES

db: VULMON id: CVE-2019-11745
db: PACKETSTORM id: 155487
db: PACKETSTORM id: 157044
db: PACKETSTORM id: 156770
db: PACKETSTORM id: 155622
db: PACKETSTORM id: 157345
db: PACKETSTORM id: 157226
db: PACKETSTORM id: 157142
db: PACKETSTORM id: 156704
db: PACKETSTORM id: 155989
db: PACKETSTORM id: 155601
db: NVD id: CVE-2019-11745

LAST UPDATE DATE

2024-11-20T22:25:03.637000+00:00


SOURCES UPDATE DATE

db: VULMON id: CVE-2019-11745 date: 2021-02-19T00:00:00
db: NVD id: CVE-2019-11745 date: 2021-02-19T17:22:17.650

SOURCES RELEASE DATE

db: VULMON id: CVE-2019-11745 date: 2020-01-08T00:00:00
db: PACKETSTORM id: 155487 date: 2019-11-28T01:22:40
db: PACKETSTORM id: 157044 date: 2020-04-01T15:23:37
db: PACKETSTORM id: 156770 date: 2020-03-16T22:35:27
db: PACKETSTORM id: 155622 date: 2019-12-10T23:01:23
db: PACKETSTORM id: 157345 date: 2020-04-22T15:10:10
db: PACKETSTORM id: 157226 date: 2020-04-15T00:12:17
db: PACKETSTORM id: 157142 date: 2020-04-07T16:41:47
db: PACKETSTORM id: 156704 date: 2020-03-12T20:16:23
db: PACKETSTORM id: 155989 date: 2020-01-17T16:38:14
db: PACKETSTORM id: 155601 date: 2019-12-09T22:22:22
db: NVD id: CVE-2019-11745 date: 2020-01-08T20:15:12.313