Bugzilla – Bug 1152375
VUL-0: CVE-2019-11755: MozillaThunderbird: spoofing a message author via a crafted S/MIME
Last modified: 2019-11-13 17:09:26 UTC
Fixed in Mozilla Thunderbird 68.1.1: CVE-2019-11755: Spoofing a message author via a crafted S/MIME message A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted message. Previous versions had only suppressed showing a digital signature for messages with an outer multipart/signed layer. References: https://bugzilla.mozilla.org/show_bug.cgi?id=1240290 https://www.mozilla.org/en-US/security/advisories/mfsa2019-32/#CVE-2019-11755
SUSE-SU-2019:2515-1: An update that fixes 27 vulnerabilities is now available. Category: security (important) Bug References: 1140868,1141322,1149296,1149297,1149298,1149299,1149303,1149304,1150939,1152375 CVE References: CVE-2019-11709,CVE-2019-11710,CVE-2019-11711,CVE-2019-11712,CVE-2019-11713,CVE-2019-11714,CVE-2019-11715,CVE-2019-11716,CVE-2019-11717,CVE-2019-11719,CVE-2019-11720,CVE-2019-11721,CVE-2019-11723,CVE-2019-11724,CVE-2019-11725,CVE-2019-11727,CVE-2019-11728,CVE-2019-11729,CVE-2019-11730,CVE-2019-11739,CVE-2019-11740,CVE-2019-11742,CVE-2019-11743,CVE-2019-11744,CVE-2019-11746,CVE-2019-11752,CVE-2019-11755 Sources used: SUSE Linux Enterprise Workstation Extension 15-SP1 (src): MozillaThunderbird-68.1.1-3.51.1 SUSE Linux Enterprise Workstation Extension 15 (src): MozillaThunderbird-68.1.1-3.51.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:2249-1: An update that fixes 27 vulnerabilities is now available. Category: security (important) Bug References: 1140868,1141322,1149296,1149297,1149298,1149299,1149303,1149304,1150939,1152375 CVE References: CVE-2019-11709,CVE-2019-11710,CVE-2019-11711,CVE-2019-11712,CVE-2019-11713,CVE-2019-11714,CVE-2019-11715,CVE-2019-11716,CVE-2019-11717,CVE-2019-11719,CVE-2019-11720,CVE-2019-11721,CVE-2019-11723,CVE-2019-11724,CVE-2019-11725,CVE-2019-11727,CVE-2019-11728,CVE-2019-11729,CVE-2019-11730,CVE-2019-11739,CVE-2019-11740,CVE-2019-11742,CVE-2019-11743,CVE-2019-11744,CVE-2019-11746,CVE-2019-11752,CVE-2019-11755 Sources used: openSUSE Leap 15.1 (src): MozillaThunderbird-68.1.1-lp151.2.13.1, enigmail-2.1.2-lp151.2.6.1
openSUSE-SU-2019:2248-1: An update that fixes 27 vulnerabilities is now available. Category: security (important) Bug References: 1140868,1141322,1149296,1149297,1149298,1149299,1149303,1149304,1150939,1152375 CVE References: CVE-2019-11709,CVE-2019-11710,CVE-2019-11711,CVE-2019-11712,CVE-2019-11713,CVE-2019-11714,CVE-2019-11715,CVE-2019-11716,CVE-2019-11717,CVE-2019-11719,CVE-2019-11720,CVE-2019-11721,CVE-2019-11723,CVE-2019-11724,CVE-2019-11725,CVE-2019-11727,CVE-2019-11728,CVE-2019-11729,CVE-2019-11730,CVE-2019-11739,CVE-2019-11740,CVE-2019-11742,CVE-2019-11743,CVE-2019-11744,CVE-2019-11746,CVE-2019-11752,CVE-2019-11755 Sources used: openSUSE Leap 15.0 (src): MozillaThunderbird-68.1.1-lp150.3.51.1, enigmail-2.1.2-lp150.34.1
Martin - can you check this set of thunderbird bugs and make sure they are fixed. If so assign them back to the security team. Thanks.
As stated in the opening post: This has been fixed with 68.1.1
released