ASA-2019-00353 – Mozilla Thunderbird: Stack-based buffer overflow in icalrecur_add_bydayrules()

A stack-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. It can be triggered remotely, without user interaction, when an attacker sends a specially crafted calendar attachment. A remote attacker might use it to crash the client or gain remote code execution on the client system.

ASA-2019-00352 – Mozilla Thunderbird: Heap-based buffer overflow in parser_get_next_char()

A heap-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. It can be triggered remotely, without user interaction, when an attacker sends a specially crafted calendar attachment. A remote attacker might use it to crash the client or gain remote code execution on the client system.

ASA-2019-00351 – Mozilla Thunderbird: Heap-based buffer overflow in icalmemory_strdup_and_dequote()

A heap-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. It can be triggered remotely, without user interaction, when an attacker sends a specially crafted calendar attachment. A remote attacker might use it to crash the client or gain remote code execution on the client system.

ASA-2019-00332 – Intel NUC: Out-of-bounds read/write in system firmware

An out-of-bounds read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

ASA-2019-00327 – Intel NUC: Out-of-bounds read/write in system firmware

An out-of-bounds read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.