Beschreibung
Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to obtain sensitive information, run arbitrary code, cause a denial of service and spoofing user interface.
Below is a complete list of vulnerabilities
- Memory corruption vulnerability in asm.js can be exploited remotely to bypass of ASLR and DEP protections leading to a denial of service;
- Memory corruption vulnerability in triggerable web content can be exploited remotely to cause a denial of service;
- Use-after-free vulnerability, which can occur when events are fired, after their destroying in the FontFace objects can be exploited remotely to cause a denial of service;
- Use-after-free vulnerability, which can occur when manipulating ranges in selections can be exploited remotely to cause a denial of service;
- Pixel and history stealing vulnerability in the SVG filters can be exploited remotely to obtain sensitive information;
- Memory corruption vulnerability in the JavaScript garbage collection can be exploited remotely to cause a denial of service;
- Cross-origin reading vulnerability in the CORS can be exploited remotely to obtain sensitive information;
- Usage of uninitialized values for ports in FTP connections can be exploited remotely to cause a denial of service;
- Memory corruption vulnerability can be exploited remotely to run arbitrary code;
- Memory corruption vulnerability caused by out of bounds access in Element::DescribeAttribute() can be exploited remotely possibly to run arbitrary code or cause a denial of service;
- Use-after-free vulnerability, which can occur while adding the range to an incorrect root object in the DOM can be exploited remotely to cause a denial of service;
- A segmentation fault vulnerability in the Skia graphics library can be exploited remotely to cause a denial of service;
- Use-after-free vulnerability in the Buffer Storage in libGLES can be exploited remotely to cause a denial of service;
- Buffer overflow read in SVG filters can be exploited remotely leading to loss of some information, contained in overwritten files;
- A segmentation fault vulnerability, which can occur during bidirectional operations can be exploited remotely to cause a denial of service;
- Incorrect local default directory chosen by File picker can be exploited remotely to obtain sensitive information;
- A premature release of a networking event listener in HttpChannel can be exploited remotely to cause a denial of service;
- Out of bounds read when parsing HTTP digest authorization responses can be exploited remotely to cause denial of service or obtain sensitive information;
- Repeated authentication prompts can be exploited remotely to cause a denial of service;
- An unknown vulnerability which can occur if popup windows are enabled can be exploited remotely leading to changes in user interface;
- Incorrect protocol using in a series within a single hyperlink in the view-source can be exploited remotely to cause a denial of service.
NB: This vulnerability have no public CVSS rating so rating can be changed by the time.NB: At this moment Mozilla just reserved CVE numbers for this vulnerabilities. Information can be changed soon.
Ursprüngliche Informationshinweise
CVE Liste
- CVE-2017-5406 critical
- CVE-2017-5407 critical
- CVE-2017-5410 critical
- CVE-2017-5411 critical
- CVE-2017-5408 critical
- CVE-2017-5412 critical
- CVE-2017-5413 critical
- CVE-2017-5414 critical
- CVE-2017-5416 critical
- CVE-2017-5425 critical
- CVE-2017-5426 critical
- CVE-2017-5418 critical
- CVE-2017-5419 critical
- CVE-2017-5405 critical
- CVE-2017-5421 critical
- CVE-2017-5422 critical
- CVE-2017-5399 critical
- CVE-2017-5398 critical
- CVE-2017-5400 critical
- CVE-2017-5401 critical
- CVE-2017-5402 critical
- CVE-2017-5403 critical
- CVE-2017-5404 critical
Mehr erfahren
Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com
Sie haben einen Fehler in der Beschreibung der Schwachstelle gefunden? Mitteilen!