Description
Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to obtain sensitive information, run arbitrary code and cause a denial of service.
Below is a complete list of vulnerabilities:
- Memory corruption vulnerability in asm.js can be exploited remotely to bypass ASLR and DEP protections, leading to a denial of service;
- Memory corruption vulnerability triggerable by web content can be exploited remotely to cause a denial of service;
- Use-after-free vulnerability, which can occur when events are fired on FontFace objects after they have been destroyed, can be exploited remotely to cause a denial of service;
- Use-after-free vulnerability, which can occur when manipulating ranges in selections, can be exploited remotely to cause a denial of service;
- Pixel and history stealing vulnerability in SVG filters can be exploited remotely to obtain sensitive information;
- Memory corruption vulnerability in the JavaScript garbage collection can be exploited remotely to cause a denial of service;
- Cross-origin reading vulnerability in CORS can be exploited remotely to obtain sensitive information;
- Usage of uninitialized values for ports in FTP connections can be exploited remotely to cause a denial of service;
- Memory corruption vulnerability can be exploited remotely to run arbitrary code.
NB: This vulnerability has no public CVSS rating, so the rating may change over time.
NB: At this moment Mozilla has only reserved CVE numbers for these vulnerabilities. Information may change soon.
Original advisories
CVE list
- CVE-2017-5407 critical
- CVE-2017-5410 critical
- CVE-2017-5408 critical
- CVE-2017-5405 critical
- CVE-2017-5398 critical
- CVE-2017-5400 critical
- CVE-2017-5401 critical
- CVE-2017-5402 critical
- CVE-2017-5404 critical