This archive contains proofs of concept and a whitepaper describing signature spoofing attacks against multiple popular email client implementations.
3356c7f94ef68ddc7268602c64a93e10fbaff874992374b51f89d7cf87f71a0c
Gentoo Linux Security Advisory 201811-13 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. Versions less than 60.3.0 are affected.
dfd702cee32bc438649bed899c42ec0c300d02359e8e2217025dfe8241b5cd45
Gentoo Linux Security Advisory 201810-1 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 60.2.2 are affected.
0691ae8021da4956449e6d4f9c1fdd0355496e51bc68aa1daaad0d960ac3e310
Red Hat Security Advisory 2018-2251-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Issues addressed include buffer overflow, cross site request forgery, and use-after-free vulnerabilities.
cfab7a998bd27c1e4a1a0e65a6b7bd19bed1aba4d0504b8ee9a31d57643744bf
Red Hat Security Advisory 2018-2252-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Issues addressed include buffer overflow, cross site request forgery, and use-after-free vulnerabilities.
710bbfbe7f1c6bbad567e4d6df96227243d295254c8df4498a8b7b3a8cd14173
Debian Linux Security Advisory 4244-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.
307d6271acb7903ea1cdd898c92f48b7b284c567cd6f920247667d0674c50b55
Ubuntu Security Notice 3714-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass CORS restrictions, obtain sensitive information, or execute arbitrary code. It was discovered that S/MIME and PGP decryption oracles can be built with HTML emails. An attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.
5b9a375b7e68e29c645ccc9c61dfe743f7d5c1f9083b295b36d6d6fa792b993c
Ubuntu Security Notice 3705-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, bypass same-origin restrictions, bypass CORS restrictions, bypass CSRF protections, obtain sensitive information, or execute arbitrary code. Various other issues were also addressed.
cfd4cc88f31fd1abec1754d224edeff04519ec9a5d0a04e2202da985f02d98de
Red Hat Security Advisory 2018-2112-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Issues addressed include buffer overflow, cross site request forgery, and use-after-free vulnerabilities.
c83b51fc510827e3da5f97c2bdaefb75707217c460d8a14d5c67b9cf283e90fa
Red Hat Security Advisory 2018-2113-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Issues addressed include buffer overflow, cross site request forgery, and use-after-free vulnerabilities.
733eefe7a714bfbb481e79af2fb8c94cc9b1e0409edce093a2e253f22750db8e
Debian Linux Security Advisory 4235-1 - Several security issues have been found in the Mozilla Firefox web browser, which may lead to the execution of arbitrary code, denial of service, cross-site request forgery or information disclosure.
8c2683c765b5fe80e5b1bcd8d7cdded23af3f5071accff38512c01785137cb09
Dell EMC RecoverPoint versions prior to 5.1.2 suffer from a local root command execution vulnerability.
dba01fd50ccc998756cc8244a767c12352f600e2ebd9dbbb32b2a494b95eb2df
Dell EMC RecoverPoint versions prior to 5.1.2 suffer from a remote root command execution vulnerability.
b3959182a01a1aa9519f51835810ba1223553cdd3266080ea2086fb66b9d35d5
Dell EMC RecoverPoint versions prior to 5.1.2 and Dell EMC RecoverPoint Virtual Machine (VM) versions prior to 5.1.1.3 suffer from command injection, LDAP password leak, and arbitrary file read vulnerabilities.
a32f56f16886245544fb248cad14e2e09e7d117b2031783004120f837bd910e0