Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11739
Acknowledgments: Name: the Mozilla project Upstream: Jens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel, Jörg Schwenk
Statement: In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it may present a risk in browser-like contexts.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:2774 https://access.redhat.com/errata/RHSA-2019:2774
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11739
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2773 https://access.redhat.com/errata/RHSA-2019:2773
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:2807 https://access.redhat.com/errata/RHSA-2019:2807