Beschreibung
Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service or obtain sensitive information.
Below is a complete list of vulnerabilities:
- Buffer overflow vulnerability occurs during rendering of canvas element in Thunderbird can be exploited remotely to cause denial of service;
- Use-after-free vulnerability occurs when deleting an input element can be exploited remotely to cause denial of service;
- Multiple vulnerabilities related to decrypted S/MIME parts can be exploited remotely to obtain sensitive information;
- Integer overflow vulnerability in SSSE3 scaler can be exploited remotely via specially designed website to cause denial of service;
- Use-after-free vulnerability occurring in moving DOM nodes between documents can be exploited remotely via specially designed website to cause denial of service;
- incorrect requests handling in NPAPI plugins can be exploited remotely via specially designed website to obtain sensitive information;
- Vulnerability in IPC sandbox security policy can be exploited remotely via specially designed website to obtain sensitive information;
- Out-of-bounds read vulnerability in QCMS can be exploited remotely via specially designed website to obtain sensitive information;
- Vulnerability related to the browser does not warn users when opening executable files with the SettingContent-ms extension;
- Multiple memory corruption vulnerabilities in Mozilla Thunderbird can be exploited via unspecified vector to execute arbitrary code.
Ursprüngliche Informationshinweise
CVE Liste
- CVE-2018-12359 critical
- CVE-2018-12360 critical
- CVE-2018-12362 critical
- CVE-2018-12363 critical
- CVE-2018-12364 critical
- CVE-2018-12365 critical
- CVE-2018-12366 critical
- CVE-2018-12368 critical
- CVE-2018-5188 critical
- CVE-2018-12372 critical
- CVE-2018-12373 critical
- CVE-2018-12374 critical
Mehr erfahren
Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com
Sie haben einen Fehler in der Beschreibung der Schwachstelle gefunden? Mitteilen!