..
Click anywhere to stop
Click anywhere to stop
Detect date
?
|
10/20/2016 |
Severity
?
|
Critical |
Description
|
Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions or obtain sensitive information. Below is a complete list of vulnerabilities
Technical details Vulnerability (1) related to nsCaseTransformTextRunFactory::TransformString and can be triggered via a specially designed unicode characters. Vulnerability (2) related to nsImageGeometryMixin which fails to properly handle INPUT elements. Vulnerability (3) related to mozilla::a11y::DocAccessible::ProcessInvalidationList and can be triggered via an aria-owns attribute. Vulnerability (4) related to nsFrameManager::CaptureFrameState which can be exploited by leveraging improper interaction between restyling and the Web Animations model implementation. This vulnerability also related to nsRefreshDriver::Tick which can be exploited by leveraging improper interaction between timeline destruction and the Web Animations model implementation. Vulnerability (5) related to nsBMPEncoder::AddImageFrame and can be triggered during the encoding of an image frame to an image. Vulnerability (6) related to mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap which can be exploited via bidirectional text. This vulnerability also related to DOMSVGLength which can be exploited by leveraging improper interaction between JavaScript code and an SVG document. Vulnerability (7) can be exploited by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority. Users who have not installed any add-ons are not affected. Vulnerability (8) can be exploited to obtain information about previously visited pages. |
Affected products
|
Mozilla Thunderbird versions earlier than 45.4 |
Solution
|
Update to the latest version |
Original advisories
|
|
Impacts
?
|
ACE [?] OSI [?] DoS [?] SB [?] RLF [?] XSS/CSS [?] SUI [?] |
Related products
|
Mozilla Thunderbird |
CVE-IDS
?
|
CVE-2016-52844.3Warning
CVE-2016-52817.5Critical CVE-2016-52807.5Critical CVE-2016-52786.8High CVE-2016-52777.5Critical CVE-2016-52767.5Critical CVE-2016-52747.5Critical CVE-2016-52726.8High CVE-2016-52707.5Critical CVE-2016-52577.5Critical CVE-2016-52505.0Warning |
Find out the statistics of the vulnerabilities spreading in your region |