Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-11706Type Confusion in Mozilla Thunderbird

CWE-843Type Confusion9 documents8 sources
Severity
7.5HIGHNVD
EPSS
4.1%
top 11.40%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Mozilla ThunderbirdDebian Thunderbird
Timeline
PublishedJul 23
Latest updateMay 24

Description

A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

debiandebian/thunderbird< thunderbird 1:60.7.1-1 (bookworm)
CVEListV5mozilla/thunderbirdunspecified60.7.1
NVDmozilla/thunderbird< 60.7.1
Debianmozilla/thunderbird< 1:60.7.1-1+3

🔴Vulnerability Details

2
GHSA
GHSA-mj34-7h26-pj8g: A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages2022-05-24
OSV
CVE-2019-11706: A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages2019-07-23

💥Exploits & PoCs

1
Exploit-DB
Thunderbird ESR < 60.7.XXX - Type Confusion2019-06-17

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2019-06-20
Red Hat
libical: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c2019-06-13
Debian
CVE-2019-11706: thunderbird - A flaw in Thunderbird's implementation of iCal causes a type confusion in icalti...2019

💬Community

2
Bugzilla
CVE-2019-11706 thunderbird: libical: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c [fedora-all]2019-06-14
Bugzilla
CVE-2019-11706 libical: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c2019-06-12