Bugzilla – Bug 1150939
VUL-0: CVE-2019-11739: MozillaThunderbird: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message
Last modified: 2020-05-06 08:03:23 UTC
CVE-2019-11739 Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11739 References: https://bugzilla.redhat.com/show_bug.cgi?id=1752307 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11739 http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11739.html http://www.debian.org/security/-1/dsa-4523
SUSE-SU-2019:2515-1: An update that fixes 27 vulnerabilities is now available. Category: security (important) Bug References: 1140868,1141322,1149296,1149297,1149298,1149299,1149303,1149304,1150939,1152375 CVE References: CVE-2019-11709,CVE-2019-11710,CVE-2019-11711,CVE-2019-11712,CVE-2019-11713,CVE-2019-11714,CVE-2019-11715,CVE-2019-11716,CVE-2019-11717,CVE-2019-11719,CVE-2019-11720,CVE-2019-11721,CVE-2019-11723,CVE-2019-11724,CVE-2019-11725,CVE-2019-11727,CVE-2019-11728,CVE-2019-11729,CVE-2019-11730,CVE-2019-11739,CVE-2019-11740,CVE-2019-11742,CVE-2019-11743,CVE-2019-11744,CVE-2019-11746,CVE-2019-11752,CVE-2019-11755 Sources used: SUSE Linux Enterprise Workstation Extension 15-SP1 (src): MozillaThunderbird-68.1.1-3.51.1 SUSE Linux Enterprise Workstation Extension 15 (src): MozillaThunderbird-68.1.1-3.51.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:2249-1: An update that fixes 27 vulnerabilities is now available. Category: security (important) Bug References: 1140868,1141322,1149296,1149297,1149298,1149299,1149303,1149304,1150939,1152375 CVE References: CVE-2019-11709,CVE-2019-11710,CVE-2019-11711,CVE-2019-11712,CVE-2019-11713,CVE-2019-11714,CVE-2019-11715,CVE-2019-11716,CVE-2019-11717,CVE-2019-11719,CVE-2019-11720,CVE-2019-11721,CVE-2019-11723,CVE-2019-11724,CVE-2019-11725,CVE-2019-11727,CVE-2019-11728,CVE-2019-11729,CVE-2019-11730,CVE-2019-11739,CVE-2019-11740,CVE-2019-11742,CVE-2019-11743,CVE-2019-11744,CVE-2019-11746,CVE-2019-11752,CVE-2019-11755 Sources used: openSUSE Leap 15.1 (src): MozillaThunderbird-68.1.1-lp151.2.13.1, enigmail-2.1.2-lp151.2.6.1
openSUSE-SU-2019:2248-1: An update that fixes 27 vulnerabilities is now available. Category: security (important) Bug References: 1140868,1141322,1149296,1149297,1149298,1149299,1149303,1149304,1150939,1152375 CVE References: CVE-2019-11709,CVE-2019-11710,CVE-2019-11711,CVE-2019-11712,CVE-2019-11713,CVE-2019-11714,CVE-2019-11715,CVE-2019-11716,CVE-2019-11717,CVE-2019-11719,CVE-2019-11720,CVE-2019-11721,CVE-2019-11723,CVE-2019-11724,CVE-2019-11725,CVE-2019-11727,CVE-2019-11728,CVE-2019-11729,CVE-2019-11730,CVE-2019-11739,CVE-2019-11740,CVE-2019-11742,CVE-2019-11743,CVE-2019-11744,CVE-2019-11746,CVE-2019-11752,CVE-2019-11755 Sources used: openSUSE Leap 15.0 (src): MozillaThunderbird-68.1.1-lp150.3.51.1, enigmail-2.1.2-lp150.34.1
Martin - can you check this set of thunderbird bugs and make sure they are fixed. If so assign them back to the security team. Thanks.
This has been fixed with the release of Thunderbird 68.1 (MFSA2019-30)
Done