Multiple vulnerabilities in Mozilla Thunderbird

Beschreibung

Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to obtain sensitive information, run arbitrary code and cause a denial of service.

Below is a complete list of vulnerabilities

1. Memory curruption vulnerability in asm.js can be exploited remotely to bypass of ASLR and DEP protections leading to a denial of service;
2. Memory corruption vulnerability in triggerable web content can be exploited remotely to cause a denial of service;
3. Use-after-free vulnerability, which can occur when events are fired, after their destroying in the FontFace objects can be exploited remotely to cause a denial of service;
4. Use-after-free vulnerability, which can occur when manipulating ranges in selections can be exploited remotely to cause a denial of service;
5. Pixel and history stealing vulnerability in the SVG filters can be exploited remotely to obtain sensitive information;
6. Memory corrpution vulnerability in the JavaScript garbage collection can be exploited remotely to cause a denial of service;
7. Cross-origin reading vulnerability in the CORS can be exploited remotely to obtain sensitive information;
8. Usage of uninitialized values for ports in FTP connections can be exploited remotely to cause a denial of service;
9. Memory corruption vulnerability can be exploited remotely to run arbitrary code.

NB: This vulnerability have no public CVSS rating so rating can be changed by the time.

NB: At this moment Mozilla just reserved CVE numbers for this vulnerabilities. Information can be changed soon.

Ursprüngliche Informationshinweise

• MFSA 2017-07

CVE Liste

• CVE-2017-5407
  critical
• CVE-2017-5410
  critical
• CVE-2017-5408
  critical
• CVE-2017-5405
  critical
• CVE-2017-5398
  critical
• CVE-2017-5400
  critical
• CVE-2017-5401
  critical
• CVE-2017-5402
  critical
• CVE-2017-5404
  critical

Mehr erfahren

Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com