Produkty:
Domů
Pro malé podniky
Pro střední podniky
Pro velké podniky
Zranitelnosti Hrozby
Úvod Zranitelnosti

Multiple vulnerabilities in Mozilla Thunderbird

Kaspersky ID:
KLA11488
Detekováno:
05/21/2019
Aktualizováno:
01/28/2026

Popis

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, cause denial of service, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. A type confusion vulnerability can be exploited remotely to bypass security restrictions;
  2. A cross-origin resource sharing vulnerability can be exploited remotely via a canvas to obtain sensitive information;
  3. A use-after-free vulnerability in crash generation server can be exploited remotely to cause denial of service or bypass security restrictions;
  4. A compartment mismatch vulnerability can be exploited to cause denial of service;
  5. A use-after-free vulnerability in the chrome event handler can be exploited to cause denial of service;
  6. A use-after-free vulnerability in XMLHttpRequest can be exploited to cause denial of service;
  7. A use-after-free vulnerability in the event listener manager can be exploited to cause denial of service;
  8. A use-after-free vulnerability in the png_image_free function in the libpng library can be exploited to cause denial of service;
  9. A cross-origin resource sharing vulnerability in createImageBitmap can be exploited to obtain sensitive information;
  10. A cross-origin resource sharing vulnerability in ImageBitmapRenderingContext can be exploited to obtain sensitive information;
  11. A memory leakage vulnerability in the Windows sandbox can be exploited to obtain sensitive information;
  12. An unspecified vulnerability can be exploited remotely via drag and drop of hyperlinks to and from bookmarks to obtain sensitive information;
  13. An out-of-bounds read vulnerability can be exploited to obtain sensitive information;
  14. Multiple memory corruption vulnerabilities can be exploited to execute arbitrary code.

Oficiální doporučení

Vykořisťování

Public exploits exist for this vulnerability.

Související produkty

seznam CVE

  • CVE-2018-18511
    warning
  • CVE-2019-5798
    high
  • CVE-2019-9797
    high
  • CVE-2019-9816
    high
  • CVE-2019-9817
    high
  • CVE-2019-9818
    critical
  • CVE-2019-9819
    critical
  • CVE-2019-9820
    critical
  • CVE-2019-11691
    critical
  • CVE-2019-11692
    critical
  • CVE-2019-7317
    high
  • CVE-2019-11694
    critical
  • CVE-2019-11698
    high
  • CVE-2019-9800
    critical
  • CVE-2019-9815
    critical
  • CVE-2019-11693
    critical

Zobrazit více

Zjistěte statistiky zranitelností šířících se ve vaší oblasti statistics.securelist.com

Našli jste v popisu této chyby zabezpečení nepřesnost? Dej nám vědět!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Zjistěte více
Kaspersky Premium
Zjistěte více
Related articles
06 March 2026
Securelist
Exploits and vulnerabilities in Q4 2025
04 March 2026
Securelist
Mobile malware evolution in 2025
19 February 2026
Securelist
Arkanix Stealer: a C++ & Python infostealer
17 February 2026
Securelist
Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets
11 February 2026
Securelist
The game is over: when “free” comes at too high a price. What we know about RenEngine
11 February 2026
Securelist
Spam and phishing in 2025
Našli jste v popisu této chyby zabezpečení nepřesnost?
Pokud jste našli novou hrozbu nebo zranitelnost, dejte nám prosím vědět e-mailem:
newvirus@kaspersky.com
Našli jste novou hrozbu nebo zranitelnost?
Pokud jste našli novou hrozbu nebo zranitelnost, dejte nám prosím vědět e-mailem:
newvirus@kaspersky.com
Produkty
Domů
Pro malé podniky
Pro střední podniky
Pro velké podniky
Select language
Severity level
Critical
High
Warning
Sorting
Kaspersky ID
Zranitelnost
Detect date
Míra zranitelnosti
You must select at least one severity level
Do you want to save your changes?
Your message has been sent successfully.