{"id":"CVE-2019-11755","details":"A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted message. Previous versions had only suppressed showing a digital signature for messages with an outer multipart/signed layer. This vulnerability affects Thunderbird \u003c 68.1.1.","modified":"2026-04-16T00:06:04.372765429Z","published":"2019-09-27T18:15:14.100Z","related":["SUSE-SU-2019:2515-1","openSUSE-SU-2019:2248-1","openSUSE-SU-2019:2249-1","openSUSE-SU-2024:10601-1"],"references":[{"type":"WEB","url":"https://usn.ubuntu.com/4202-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/4335-1/"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"},{"type":"WEB","url":"https://seclists.org/bugtraq/2019/Nov/24"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4571"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2019-32/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1240290"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11755.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"68.1.1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}