DIESER SERVICE KANN ÜBERSETZUNGEN VON GOOGLE ENTHALTEN. GOOGLE ÜBERNIMMT KEINERLEI VERANTWORTUNG FÜR DIE ÜBERSETZUNGEN. DARUNTER FÄLLT JEGLICHE VERANTWORTUNG IN BEZUG AUF RICHTIGKEIT UND ZUVERLÄSSIGKEIT SOWIE JEGLICHE STILLSCHWEIGENDEN GEWÄHRLEISTUNGEN DER MARKTGÄNGIGKEIT, NICHT-VERLETZUNG VON RECHTEN DRITTER ODER DER EIGNUNG FÜR EINEN BESTIMMTEN ZWECK.

Die Website von Kaspersky Lab wurde für Ihre Bequemlichkeit mithilfe einer Übersetzungssoftware von Google Translate übersetzt. Es wurden angemessene Bemühungen für die Bereitstellung einer akkuraten Übersetzung unternommen. Bitte beachten Sie, dass automatisierte Übersetzungen nicht perfekt sind und menschliche Übersetzer in keinem Fall ersetzen sollen. Übersetzungen werden den Nutzern der Kaspersky-Lab-Website als Service und "wie sie sind" zur Verfügung gestellt. Die Richtigkeit, Zuverlässigkeit oder Korrektheit jeglicher Übersetzungen aus dem Englischen in eine andere Sprache wird weder ausdrücklich noch stillschweigend garantiert. Einige Inhalte (z. B. Bilder, Videos, Flash, usw.) können aufgrund der Einschränkungen der Übersetzungssoftware möglicherweise nicht inhaltsgetreu übersetzt werden.

KLA11007
Multiple vulnerabilities in Mozilla Thunderbird
Aktualisiert: 03/29/2019
Erkennungsdatum
?
04/30/2017
Schweregrad
?
Kritisch
Beschreibung

Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, read and write local files.

Below is a complete list of vulnerabilities:

  1. A use-after-free vulnerability in SMIL can be exploited remotely to cause a denial of service;
  2. A use-after-free vulnerability during transaction processing in the editor can be exploited remotely to cause a denial of service;
  3. An out-of-bounds write vulnerability in the Graphite 2 library can be exploited remotely to cause a denial of service;
  4. An out-of-bounds write vulnerability in Base64 decoding in the Network Security Services (NSS) library can be exploited remotely to cause a denial of service;
  5. A buffer overflow vulnerability in WebGL can be exploited remotely to cause a denial of service;
  6. Origin confusion vulnerability related to reloading isolated data:text/html URL can be exploited remotely to execute a cross-site scripting (XSS) attack;
  7. A use-after-free vulnerability during focus handling can be exploited remotely to cause a denial of service;
  8. A use-after-free vulnerability in text input selection can be exploited remotely to cause a denial of service;
  9. A use-after-free vulnerability in frame selection can be exploited remotely to cause a denial of service;
  10. A use-after-free vulnerability in nsAutoPtr during XSLT processing can be exploited remotely to cause a denial of service;
  11. A use-after-free vulnerability in txExecutionState destructor related to XSLT processing can be exploited remotely to cause a denial of service;
  12. Use-after-free vulnerability in nsTArray Length() during XSLT processing can be exploited remotely to cause a denial of service;
  13. Use-after-free vulnerability with selection during scroll events can be exploited remotely to cause a denial of service;
  14. Use-after-free vulnerability during style changes when manipulating DOM elements can be exploited remotely to cause a denial of service;
  15. Memory corruption vulnerability with accessibility and DOM manipulation can be exploited remotely to cause a denial of service;
  16. An out-of-bounds write vulnerability during BinHex decoding can be exploited remotely to cause a denial of service;
  17. A buffer overflow vulnerability while parsing application/http-index-format content can be exploited remotely to cause a denial of service or obtain a sensitive information;
  18. An out-of-bounds read vulnerability when HTTP/2 DATA frames are sent with incorrect data can be exploited remotely to cause a denial of service;
  19. An out-of-bounds read vulnerability during glyph processing can be exploited remotely to cause denial of service or obtain a sensitive information;
  20. An out-of-bounds read vulnerability while processing SVG content in ConvolvePixel and during glyph processing can be exploited remotely to cause a denial of service or obtain a sensitive information;
  21. Multiple out-of-bounds read vulnerabilities in the Libevent library can be exploited remotely to cause a denial of service;
  22. Multiple potential buffer overflows in flex-generated code can be exploited remotely possibly to cause a denial of service;
  23. Multiple memory corruption vulnerabilities, which occur because of memory safety bugs, can be exploited remotely to execute arbitrary code;
  24. A potential memory corruption occurring while drawing Skia content outside the bounds of a clipping region can be exploited remotely possibly to cause a denial of service;
  25. An improper sandbox escape handling can be exploited remotely through file picker via relative paths to bypass security restrictions and gain privileges (get read only access to the local file system);
  26. An unknown vulnerability can be exploited remotely via the user interaction on the adressbar and the onblur event to spoof adressbar;
  27. An improper handling of layouts and manipulations of bidirectional unicode text combined with CSS animations can be exploited remotely to cause a denial of service;
  28. A vulnerability related to parsing application/http-index-format content can be exploited remotely possibly to cause a denial of service or execute arbitrary code;
  29. An improper DRBG number generation in NSS (Network Security Services) library can be exploited remotely possibly to cause a denial of service or execute arbitrary code.

NB: This vulnerability have no public CVSS rating so rating can be changed by the time.

NB: At this moment Mozilla just reserved CVE numbers for this vulnerabilities. Information can be changed soon.

Beeinträchtigte Produkte

Mozilla Thunderbird before 52.1

Lösung

Update to latest version
Download Mozilla Thunderbird

Ursprüngliche Informationshinweise

MFSA 2017-13

Folgen
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

SB 
[?]

WLF 
[?]

PE 
[?]

RLF 
[?]

XSS/CSS 
[?]

SUI 
[?]
CVE-IDS
?
CVE-2016-101975.0Critical
CVE-2017-54617.5Critical
CVE-2016-63547.5Critical
CVE-2017-54339.8Critical
CVE-2017-54359.8Critical
CVE-2017-54368.8Critical
CVE-2017-54599.8Critical
CVE-2017-54666.1Critical
CVE-2017-54349.8Critical
CVE-2017-54329.8Critical
CVE-2017-54609.8Critical
CVE-2017-54389.8Critical
CVE-2017-54399.8Critical
CVE-2017-54409.8Critical
CVE-2017-54419.8Critical
CVE-2017-54429.8Critical
CVE-2017-54649.8Critical
CVE-2017-54439.8Critical
CVE-2017-54447.5Critical
CVE-2017-54469.8Critical
CVE-2017-54479.1Critical
CVE-2017-54659.1Critical
CVE-2017-54547.5Critical
CVE-2017-54699.8Critical
CVE-2017-54457.5Critical
CVE-2017-54497.5Critical
CVE-2017-54514.3Critical
CVE-2017-54625.3Critical
CVE-2017-54677.5Critical
CVE-2017-54309.8Critical
CVE-2017-54299.8Critical
CVE-2016-101957.5Critical
CVE-2016-101965.0Critical

Link zum Original