Details of VAR-202001-1433

ID

VAR-202001-1433

CVE

CVE-2019-11745

TITLE

Ubuntu Security Notice USN-4203-2

Trust: 0.1

sources: PACKETSTORM: 155487

DESCRIPTION

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. 7.5) - ppc64, ppc64le, s390x, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: nss, nss-softokn, nss-util security update Advisory ID: RHSA-2019:4190-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:4190 Issue date: 2019-12-10 CVE Names: CVE-2019-11729 CVE-2019-11745 ==================================================================== 1. Summary: An update for nss, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Security Fix(es): * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) * nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, applications using NSS (for example, Firefox) must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1728437 - CVE-2019-11729 nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault 1774831 - CVE-2019-11745 nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: nss-3.44.0-7.el7_7.src.rpm nss-softokn-3.44.0-8.el7_7.src.rpm nss-util-3.44.0-4.el7_7.src.rpm x86_64: nss-3.44.0-7.el7_7.i686.rpm nss-3.44.0-7.el7_7.x86_64.rpm nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-softokn-3.44.0-8.el7_7.i686.rpm nss-softokn-3.44.0-8.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm nss-sysinit-3.44.0-7.el7_7.x86_64.rpm nss-tools-3.44.0-7.el7_7.x86_64.rpm nss-util-3.44.0-4.el7_7.i686.rpm nss-util-3.44.0-4.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-devel-3.44.0-7.el7_7.i686.rpm nss-devel-3.44.0-7.el7_7.x86_64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm nss-util-devel-3.44.0-4.el7_7.i686.rpm nss-util-devel-3.44.0-4.el7_7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: nss-3.44.0-7.el7_7.src.rpm nss-softokn-3.44.0-8.el7_7.src.rpm nss-util-3.44.0-4.el7_7.src.rpm x86_64: nss-3.44.0-7.el7_7.i686.rpm nss-3.44.0-7.el7_7.x86_64.rpm nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-softokn-3.44.0-8.el7_7.i686.rpm nss-softokn-3.44.0-8.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm nss-sysinit-3.44.0-7.el7_7.x86_64.rpm nss-tools-3.44.0-7.el7_7.x86_64.rpm nss-util-3.44.0-4.el7_7.i686.rpm nss-util-3.44.0-4.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-devel-3.44.0-7.el7_7.i686.rpm nss-devel-3.44.0-7.el7_7.x86_64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm nss-util-devel-3.44.0-4.el7_7.i686.rpm nss-util-devel-3.44.0-4.el7_7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: nss-3.44.0-7.el7_7.src.rpm nss-softokn-3.44.0-8.el7_7.src.rpm nss-util-3.44.0-4.el7_7.src.rpm ppc64: nss-3.44.0-7.el7_7.ppc.rpm nss-3.44.0-7.el7_7.ppc64.rpm nss-debuginfo-3.44.0-7.el7_7.ppc.rpm nss-debuginfo-3.44.0-7.el7_7.ppc64.rpm nss-devel-3.44.0-7.el7_7.ppc.rpm nss-devel-3.44.0-7.el7_7.ppc64.rpm nss-softokn-3.44.0-8.el7_7.ppc.rpm nss-softokn-3.44.0-8.el7_7.ppc64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.ppc.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.ppc64.rpm nss-softokn-devel-3.44.0-8.el7_7.ppc.rpm nss-softokn-devel-3.44.0-8.el7_7.ppc64.rpm nss-softokn-freebl-3.44.0-8.el7_7.ppc.rpm nss-softokn-freebl-3.44.0-8.el7_7.ppc64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.ppc.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.ppc64.rpm nss-sysinit-3.44.0-7.el7_7.ppc64.rpm nss-tools-3.44.0-7.el7_7.ppc64.rpm nss-util-3.44.0-4.el7_7.ppc.rpm nss-util-3.44.0-4.el7_7.ppc64.rpm nss-util-debuginfo-3.44.0-4.el7_7.ppc.rpm nss-util-debuginfo-3.44.0-4.el7_7.ppc64.rpm nss-util-devel-3.44.0-4.el7_7.ppc.rpm nss-util-devel-3.44.0-4.el7_7.ppc64.rpm ppc64le: nss-3.44.0-7.el7_7.ppc64le.rpm nss-debuginfo-3.44.0-7.el7_7.ppc64le.rpm nss-devel-3.44.0-7.el7_7.ppc64le.rpm nss-softokn-3.44.0-8.el7_7.ppc64le.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.ppc64le.rpm nss-softokn-devel-3.44.0-8.el7_7.ppc64le.rpm nss-softokn-freebl-3.44.0-8.el7_7.ppc64le.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.ppc64le.rpm nss-sysinit-3.44.0-7.el7_7.ppc64le.rpm nss-tools-3.44.0-7.el7_7.ppc64le.rpm nss-util-3.44.0-4.el7_7.ppc64le.rpm nss-util-debuginfo-3.44.0-4.el7_7.ppc64le.rpm nss-util-devel-3.44.0-4.el7_7.ppc64le.rpm s390x: nss-3.44.0-7.el7_7.s390.rpm nss-3.44.0-7.el7_7.s390x.rpm nss-debuginfo-3.44.0-7.el7_7.s390.rpm nss-debuginfo-3.44.0-7.el7_7.s390x.rpm nss-devel-3.44.0-7.el7_7.s390.rpm nss-devel-3.44.0-7.el7_7.s390x.rpm nss-softokn-3.44.0-8.el7_7.s390.rpm nss-softokn-3.44.0-8.el7_7.s390x.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.s390.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.s390x.rpm nss-softokn-devel-3.44.0-8.el7_7.s390.rpm nss-softokn-devel-3.44.0-8.el7_7.s390x.rpm nss-softokn-freebl-3.44.0-8.el7_7.s390.rpm nss-softokn-freebl-3.44.0-8.el7_7.s390x.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.s390.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.s390x.rpm nss-sysinit-3.44.0-7.el7_7.s390x.rpm nss-tools-3.44.0-7.el7_7.s390x.rpm nss-util-3.44.0-4.el7_7.s390.rpm nss-util-3.44.0-4.el7_7.s390x.rpm nss-util-debuginfo-3.44.0-4.el7_7.s390.rpm nss-util-debuginfo-3.44.0-4.el7_7.s390x.rpm nss-util-devel-3.44.0-4.el7_7.s390.rpm nss-util-devel-3.44.0-4.el7_7.s390x.rpm x86_64: nss-3.44.0-7.el7_7.i686.rpm nss-3.44.0-7.el7_7.x86_64.rpm nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-devel-3.44.0-7.el7_7.i686.rpm nss-devel-3.44.0-7.el7_7.x86_64.rpm nss-softokn-3.44.0-8.el7_7.i686.rpm nss-softokn-3.44.0-8.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm nss-sysinit-3.44.0-7.el7_7.x86_64.rpm nss-tools-3.44.0-7.el7_7.x86_64.rpm nss-util-3.44.0-4.el7_7.i686.rpm nss-util-3.44.0-4.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm nss-util-devel-3.44.0-4.el7_7.i686.rpm nss-util-devel-3.44.0-4.el7_7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: nss-debuginfo-3.44.0-7.el7_7.ppc.rpm nss-debuginfo-3.44.0-7.el7_7.ppc64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.ppc.rpm nss-pkcs11-devel-3.44.0-7.el7_7.ppc64.rpm ppc64le: nss-debuginfo-3.44.0-7.el7_7.ppc64le.rpm nss-pkcs11-devel-3.44.0-7.el7_7.ppc64le.rpm s390x: nss-debuginfo-3.44.0-7.el7_7.s390.rpm nss-debuginfo-3.44.0-7.el7_7.s390x.rpm nss-pkcs11-devel-3.44.0-7.el7_7.s390.rpm nss-pkcs11-devel-3.44.0-7.el7_7.s390x.rpm x86_64: nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: nss-3.44.0-7.el7_7.src.rpm nss-softokn-3.44.0-8.el7_7.src.rpm nss-util-3.44.0-4.el7_7.src.rpm x86_64: nss-3.44.0-7.el7_7.i686.rpm nss-3.44.0-7.el7_7.x86_64.rpm nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-devel-3.44.0-7.el7_7.i686.rpm nss-devel-3.44.0-7.el7_7.x86_64.rpm nss-softokn-3.44.0-8.el7_7.i686.rpm nss-softokn-3.44.0-8.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm nss-sysinit-3.44.0-7.el7_7.x86_64.rpm nss-tools-3.44.0-7.el7_7.x86_64.rpm nss-util-3.44.0-4.el7_7.i686.rpm nss-util-3.44.0-4.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm nss-util-devel-3.44.0-4.el7_7.i686.rpm nss-util-devel-3.44.0-4.el7_7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-11729 https://access.redhat.com/security/cve/CVE-2019-11745 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXe/GMNzjgjWX9erEAQjtKBAAk1TZvBRRA8ZC4B0U49uerK/eMM24Q4xR PQWxuobDF/YzpJVZqDolO6CfRTBSnDHEuc/OkK0fC8Yskk0T9cp0DWAkHnUal0wB Zmd61xW4IGSHtEH+g7K8Rv0q8Mto5AeC1hggOwT+0INvRAAa/Qm0c7m0+OSyLIZi lgk9DLa+srY/6Z2wETS4b7DQiUA2nXegb7CbbnM0Mo2aooPeljsq6pkvyZy2Na0/ MMl/Xo8BWqU0lGrIBgVmrNRLMVkDJfVm7wSvBLaYk9EP758DfRLikm+GpGCowFUf +60rIxp1iG4Hto7BqusUwmJmdw6fDGeoJSX/qQu3ZHFbpEsd9HCzzGKg9QFmF/yY N4RWrM4KRMwqHG4qTpDYypKDn5QCGzh1dZuYQJ2gYLmHCBnTzrV0bDJtrzbUWwTx eFX1YLv4Vw6oYwT1cAx3Ho2B3kpufVezAzfUhtw8uj20Ix1B0NHDcCszNAFWrE8T QZ4BVVAzjl6xJoZSnjIQ+aBe3zVBW5P6yBhnqWUxS0VuGS3gbS6uPBMusr81sGK6 TjvPP+l8Ss6DQJic42+xruw8g8XqDqnUv3V12iTcOhqPtM7vmzExdMX5wXJ48lo9 Yl6UYkr6P4pM/vNQjgqD7UGud2ILthlwKzqdg9l4DZiA4pctAvAQtgEaL6783OK6 7R6thlrPkII=KHlQ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-4335-1 April 21, 2020 thunderbird vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Thunderbird. Software Description: - thunderbird: Mozilla Open Source mail and newsgroup client Details: Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503, CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6812, CVE-2020-6814, CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6825) It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-11745) It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. (CVE-2019-11755) A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-15903) It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6792) Mutiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795, CVE-2020-6822) It was discovered that if a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2020-6794) It was discovered that the Devtools’ ‘Copy as cURL’ feature did not fully escape website-controlled data. If a user were tricked in to using the ‘Copy as cURL’ feature to copy and paste a command with specially crafted data in to a terminal, an attacker could potentially exploit this to execute arbitrary commands via command injection. (CVE-2020-6811) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: thunderbird 1:68.7.0+build1-0ubuntu0.16.04.2 After a standard system update you need to restart Thunderbird to make all the necessary changes. 7) - aarch64, ppc64le, s390x 3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mozilla Firefox: Multiple vulnerabilities Date: March 12, 2020 Bugs: #702638, #705000, #709346, #712182 ID: 202003-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Background ========== Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/firefox < 68.6.0 >= 68.6.0 2 www-client/firefox-bin < 68.6.0 >= 68.6.0 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Mozilla Firefox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-68.6.0" All Mozilla Firefox binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-68.6.0" References ========== [ 1 ] CVE-2019-11745 https://nvd.nist.gov/vuln/detail/CVE-2019-11745 [ 2 ] CVE-2019-17005 https://nvd.nist.gov/vuln/detail/CVE-2019-17005 [ 3 ] CVE-2019-17008 https://nvd.nist.gov/vuln/detail/CVE-2019-17008 [ 4 ] CVE-2019-17010 https://nvd.nist.gov/vuln/detail/CVE-2019-17010 [ 5 ] CVE-2019-17011 https://nvd.nist.gov/vuln/detail/CVE-2019-17011 [ 6 ] CVE-2019-17012 https://nvd.nist.gov/vuln/detail/CVE-2019-17012 [ 7 ] CVE-2019-17016 https://nvd.nist.gov/vuln/detail/CVE-2019-17016 [ 8 ] CVE-2019-17017 https://nvd.nist.gov/vuln/detail/CVE-2019-17017 [ 9 ] CVE-2019-17022 https://nvd.nist.gov/vuln/detail/CVE-2019-17022 [ 10 ] CVE-2019-17024 https://nvd.nist.gov/vuln/detail/CVE-2019-17024 [ 11 ] CVE-2019-17026 https://nvd.nist.gov/vuln/detail/CVE-2019-17026 [ 12 ] CVE-2019-20503 https://nvd.nist.gov/vuln/detail/CVE-2019-20503 [ 13 ] CVE-2020-6796 https://nvd.nist.gov/vuln/detail/CVE-2020-6796 [ 14 ] CVE-2020-6797 https://nvd.nist.gov/vuln/detail/CVE-2020-6797 [ 15 ] CVE-2020-6798 https://nvd.nist.gov/vuln/detail/CVE-2020-6798 [ 16 ] CVE-2020-6799 https://nvd.nist.gov/vuln/detail/CVE-2020-6799 [ 17 ] CVE-2020-6800 https://nvd.nist.gov/vuln/detail/CVE-2020-6800 [ 18 ] CVE-2020-6805 https://nvd.nist.gov/vuln/detail/CVE-2020-6805 [ 19 ] CVE-2020-6806 https://nvd.nist.gov/vuln/detail/CVE-2020-6806 [ 20 ] CVE-2020-6807 https://nvd.nist.gov/vuln/detail/CVE-2020-6807 [ 21 ] CVE-2020-6811 https://nvd.nist.gov/vuln/detail/CVE-2020-6811 [ 22 ] CVE-2020-6812 https://nvd.nist.gov/vuln/detail/CVE-2020-6812 [ 23 ] CVE-2020-6814 https://nvd.nist.gov/vuln/detail/CVE-2020-6814 [ 24 ] MFSA-2019-37 https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/ [ 25 ] MFSA-2020-03 https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/ [ 26 ] MFSA-2020-06 https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/ [ 27 ] MFSA-2020-09 https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/ Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-02 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . For the stable distribution (buster), these problems have been fixed in version 2:3.42.1-1+deb10u2. We recommend that you upgrade your nss packages. For the detailed security status of nss please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nss Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl3qzaYACgkQEMKTtsN8 TjZ7yg//SABSzXoip0pAHIT9lNxDFNL44E27iqRWeurCyfxnQNvNaeShakiTj1Yj sSb2pqo0+gGLsUgtQdKKc8yeOERvuihWRoVDroW7onYG93vpsZ1H8Z7HSEJOGMQl Bt/HcjayCfXrA313/B5SBTiKE/Ks4CvYQvk+BrFwjFEUoYhXzxXwfUIxym1L8+gq jG3Qsh38iOFhrXfXBe2PGaUGU6AVcS/BGTam31s1g54mta4a+obIbvvQu3MGHJLH UTTcVPy7PhK5dofufbJXo1QGqfgdLxsvZAqhcyU1cXBZa7k18Ykts9jKukwoDZV0 hR2jISnOddovQWdPWLqz/ENOTIkY8Ue5/cPIaQ+I9tAL2JOBHBmddP+WeqBxpO8o DpP+4EILROZQ5g+WjLT1Twsje3NJQYx6z7YmXo/0N0ELM+81Sono1wKTgegVBa0F 8eET2FDW45sKFOGV1QTTI5F1mSmgSHiTdtVl/riuzdWrdig8316dByz994dZD+Co TgMiALJWwiVDY6XHHrPwzmvqNoqlcUvNgh4v7tRkTL/YjlHxD+x8R08sRaVo5gqz Z4CyLaP1ByO0X/i4dkuVtD5kIX9GlqLRYkUSnOBhwaoPr7ZgZBCnJfyQixsME1L5 yOg6+j//ncYos+KWeb1upZdUHHB340UmTxbEtECa7jfanMcrtpw= =QZmZ -----END PGP SIGNATURE-----

Trust: 1.89

sources: NVD: CVE-2019-11745 // VULMON: CVE-2019-11745 // PACKETSTORM: 155487 // PACKETSTORM: 157044 // PACKETSTORM: 156770 // PACKETSTORM: 155622 // PACKETSTORM: 157345 // PACKETSTORM: 157226 // PACKETSTORM: 157142 // PACKETSTORM: 156704 // PACKETSTORM: 155989 // PACKETSTORM: 155601

AFFECTED PRODUCTS

vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	mozilla	model:	firefox esr	scope:	lt	version:	68.3	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.10	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1400	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1512	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	mozilla	model:	thunderbird	scope:	lt	version:	68.3.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1510	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx5000	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	lt	version:	71.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1500	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1501	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1511	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox mx5000	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.6	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0

sources: NVD: CVE-2019-11745

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-11745
value:	HIGH
Trust: 1.0
VULMON:	CVE-2019-11745
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-11745
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

nvd@nist.gov:	CVE-2019-11745
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULMON: CVE-2019-11745 // NVD: CVE-2019-11745

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.0

sources: NVD: CVE-2019-11745

THREAT TYPE

remote

Trust: 0.2

sources: PACKETSTORM: 155487 // PACKETSTORM: 155989

TYPE

arbitrary

Trust: 0.3

sources: PACKETSTORM: 155487 // PACKETSTORM: 156704 // PACKETSTORM: 155601

PATCH

title:	Red Hat: Important: nss security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200243 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nss-softokn security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201461 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nss security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194114 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nss-softokn security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200466 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nss-softokn security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194152 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nss, nss-softokn, nss-util security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194190 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nss-softokn security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201345 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nss-softokn security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201267 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: nss vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4203-2	Trust: 0.1
title:	Ubuntu Security Notice: nss vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4203-1	Trust: 0.1
title:	Debian Security Advisories: DSA-4579-1 nss -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=0af759a984821af0886871e7a26a298e	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2019-11745 log	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2020-1379	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1379	Trust: 0.1
title:	IBM: Security Bulletin: Vulnerability in nss, nss-softokn, nss-util vulnerability (CVE-2019-11729 and CVE-2019-11745)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=74fd642ff4a4659039a762a5a0a24106	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2023-1942	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2023-1942	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2020-1384	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1384	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2020-1355	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1355	Trust: 0.1
title:	Ubuntu Security Notice: firefox vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4216-1	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201912-2] thunderbird: arbitrary code execution	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201912-2	Trust: 0.1
title:	Ubuntu Security Notice: firefox vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4216-2	Trust: 0.1
title:	Ubuntu Security Notice: thunderbird vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4241-1	Trust: 0.1
title:	Mozilla: Security Vulnerabilities fixed in - Firefox ESR 68.3	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=940e53f5eecee1395e2713b0ed07506b	Trust: 0.1
title:	Mozilla: Security Vulnerabilities fixed in - Thunderbird 68.3	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=dffa374fab03b4f5b5596346629ccc8c	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201912-1] firefox: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201912-1	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=409c1cd1b8ef401020956950fd839000	Trust: 0.1
title:	Mozilla: Security Vulnerabilities fixed in - Firefox 71	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=a8e439d387c58595bbdb24cc3bdadd40	Trust: 0.1
title:	Ubuntu Security Notice: thunderbird vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4335-1	Trust: 0.1
title:	-	url:	https://github.com/vincent-deng/veracode-container-security-finding-parser	Trust: 0.1

sources: VULMON: CVE-2019-11745

EXTERNAL IDS

db:	NVD	id:	CVE-2019-11745	Trust: 2.1
db:	ICS CERT	id:	ICSA-21-040-04	Trust: 1.1
db:	SIEMENS	id:	SSA-379803	Trust: 1.1
db:	VULMON	id:	CVE-2019-11745	Trust: 0.1
db:	PACKETSTORM	id:	155487	Trust: 0.1
db:	PACKETSTORM	id:	157044	Trust: 0.1
db:	PACKETSTORM	id:	156770	Trust: 0.1
db:	PACKETSTORM	id:	155622	Trust: 0.1
db:	PACKETSTORM	id:	157345	Trust: 0.1
db:	PACKETSTORM	id:	157226	Trust: 0.1
db:	PACKETSTORM	id:	157142	Trust: 0.1
db:	PACKETSTORM	id:	156704	Trust: 0.1
db:	PACKETSTORM	id:	155989	Trust: 0.1
db:	PACKETSTORM	id:	155601	Trust: 0.1

sources: VULMON: CVE-2019-11745 // PACKETSTORM: 155487 // PACKETSTORM: 157044 // PACKETSTORM: 156770 // PACKETSTORM: 155622 // PACKETSTORM: 157345 // PACKETSTORM: 157226 // PACKETSTORM: 157142 // PACKETSTORM: 156704 // PACKETSTORM: 155989 // PACKETSTORM: 155601 // NVD: CVE-2019-11745

REFERENCES

url:	https://access.redhat.com/errata/rhsa-2020:0243	Trust: 1.2
url:	https://security.gentoo.org/glsa/202003-02	Trust: 1.2
url:	https://security.gentoo.org/glsa/202003-37	Trust: 1.2
url:	https://www.mozilla.org/security/advisories/mfsa2019-38/	Trust: 1.1
url:	https://www.mozilla.org/security/advisories/mfsa2019-37/	Trust: 1.1
url:	https://www.mozilla.org/security/advisories/mfsa2019-36/	Trust: 1.1
url:	https://bugzilla.mozilla.org/show_bug.cgi?id=1586176	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html	Trust: 1.1
url:	https://usn.ubuntu.com/4241-1/	Trust: 1.1
url:	https://access.redhat.com/errata/rhsa-2020:0466	Trust: 1.1
url:	https://security.gentoo.org/glsa/202003-10	Trust: 1.1
url:	https://usn.ubuntu.com/4335-1/	Trust: 1.1
url:	https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html	Trust: 1.1
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf	Trust: 1.1
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11745	Trust: 1.0
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://bugzilla.redhat.com/):	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-11745	Trust: 0.4
url:	https://access.redhat.com/security/team/contact/	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0495	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-0495	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17026	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17022	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17016	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17024	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17011	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17012	Trust: 0.3
url:	https://bugs.gentoo.org.	Trust: 0.2
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.2
url:	https://security.gentoo.org/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17008	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6814	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6798	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6805	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6800	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6811	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6812	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17005	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://usn.ubuntu.com/4203-2/	Trust: 0.1
url:	https://usn.ubuntu.com/4203-1/	Trust: 0.1
url:	https://usn.ubuntu.com/4203-1	Trust: 0.1
url:	https://usn.ubuntu.com/4203-2	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:1267	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-11696	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-11695	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18508	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-11697	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-11698	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11729	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11729	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2019:4190	Trust: 0.1
url:	https://usn.ubuntu.com/4335-1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6821	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11761	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6825	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11764	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6822	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/thunderbird/1:68.7.0+build1-0ubuntu0.16.04.2	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6794	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11755	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11759	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6792	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15903	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11760	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11763	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:1461	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:1345	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6799	Trust: 0.1
url:	https://www.mozilla.org/en-us/security/advisories/mfsa2020-09/	Trust: 0.1
url:	https://www.mozilla.org/en-us/security/advisories/mfsa2020-03/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6797	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17017	Trust: 0.1
url:	https://www.mozilla.org/en-us/security/advisories/mfsa2020-06/	Trust: 0.1
url:	https://www.mozilla.org/en-us/security/advisories/mfsa2019-37/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6806	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17010	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20503	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6796	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6807	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/thunderbird/1:68.4.1+build1-0ubuntu0.18.04.1	Trust: 0.1
url:	https://usn.ubuntu.com/4241-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/thunderbird/1:68.4.1+build1-0ubuntu0.19.10.1	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/nss	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17007	Trust: 0.1

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 157044 // PACKETSTORM: 155622 // PACKETSTORM: 157226 // PACKETSTORM: 157142

SOURCES

db:	VULMON	id:	CVE-2019-11745
db:	PACKETSTORM	id:	155487
db:	PACKETSTORM	id:	157044
db:	PACKETSTORM	id:	156770
db:	PACKETSTORM	id:	155622
db:	PACKETSTORM	id:	157345
db:	PACKETSTORM	id:	157226
db:	PACKETSTORM	id:	157142
db:	PACKETSTORM	id:	156704
db:	PACKETSTORM	id:	155989
db:	PACKETSTORM	id:	155601
db:	NVD	id:	CVE-2019-11745

LAST UPDATE DATE

2024-11-20T22:25:03.637000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2019-11745	date:	2021-02-19T00:00:00
db:	NVD	id:	CVE-2019-11745	date:	2021-02-19T17:22:17.650

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2019-11745	date:	2020-01-08T00:00:00
db:	PACKETSTORM	id:	155487	date:	2019-11-28T01:22:40
db:	PACKETSTORM	id:	157044	date:	2020-04-01T15:23:37
db:	PACKETSTORM	id:	156770	date:	2020-03-16T22:35:27
db:	PACKETSTORM	id:	155622	date:	2019-12-10T23:01:23
db:	PACKETSTORM	id:	157345	date:	2020-04-22T15:10:10
db:	PACKETSTORM	id:	157226	date:	2020-04-15T00:12:17
db:	PACKETSTORM	id:	157142	date:	2020-04-07T16:41:47
db:	PACKETSTORM	id:	156704	date:	2020-03-12T20:16:23
db:	PACKETSTORM	id:	155989	date:	2020-01-17T16:38:14
db:	PACKETSTORM	id:	155601	date:	2019-12-09T22:22:22
db:	NVD	id:	CVE-2019-11745	date:	2020-01-08T20:15:12.313