Description
Multiple serious vulnerabilities have been found in Thunderbird. Malicious users can exploit these vulnerabilities to cause a denial of service, spoof user interface, bypass security protections and run arbitrary code.
Below is a complete list of vulnerabilities:
- A use-after-free vulnerability related to destroyed node usage when regenerating trees can be exploited remotely to cause a denial of service;
- A use-after-free vulnerability related to docshell reloading can be exploited remotely to cause a denial of service;
- A use-after-free vulnerability related to video control operations with track elements can be exploited to cause a denial of service;
- A use-after-free vulnerability related to content viewer listeners can be exploited remotely to cause a denial of service;
- A use-after-free vulnerability related to user interactions with the input method editor (IME) can be exploited remotely to cause a denial of service;
- An out-of-bounds read vulnerability related to ImageInfo objects in WebGL can be exploited remotely to cause a denial of service;
- A use-after-free and use-after-scope vulnerabilities related to XHR header errors logging can be exploited remotely to cause a denial of service;
- A use-after-free vulnerability in IndexedDB can be exploited remotely to cause a denial of service;
- Multiple vulnerabilities in the Graphite 2 library can be exploited remotely to cause a denial of service;
- An out-of-bounds read vulnerability in Opus encoder can be exploited remotely to cause a denial of service;
- An improper handling of Canadian Syllabics and other unicode blocks can be exploited remotely to spoof the domain;
- An improper handling of long filenames while downloading “Mark of the Web” can be exploited remotely to bypass security restrictions;
- Multiple memory corruption vulnerabilities which occur because of memory safety bugs can be exploited remotely to execute arbitrary code.
Technical details
NB: These vulnerabilities do not have any public CVSS rating, so rating can be changed by the time.
NB: At this moment Mozilla has just reserved CVE numbers for these vulnerabilities. Information can be changed soon.
Original advisories
Related products
CVE list
- CVE-2017-5472 critical
- CVE-2017-7749 critical
- CVE-2017-7750 critical
- CVE-2017-7751 critical
- CVE-2017-7755 high
- CVE-2017-7752 high
- CVE-2017-7754 warning
- CVE-2017-7756 critical
- CVE-2017-7757 critical
- CVE-2017-7778 critical
- CVE-2017-7771 high
- CVE-2017-7772 high
- CVE-2017-7773 high
- CVE-2017-7774 high
- CVE-2017-7775 warning
- CVE-2017-7776 high
- CVE-2017-7777 high
- CVE-2017-7758 high
- CVE-2017-7763 warning
- CVE-2017-7764 warning
- CVE-2017-7765 warning
- CVE-2017-5470 critical
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!