KLA11229
Multiple vulnerabilities in Mozilla Thunderbird
Updated: 11/18/2019
Detect date
?
03/23/2018
Severity
?
Critical
Description

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. A buffer overflow vulnerability can be exploited remotely via specially crafted script to cause denial of service;
  2. An out-of-bounds memory write vulnerability can be exploited remotely via specially crafted IPC messages to bypass security restrictions and execute arbitrary code;
  3. An integer overflow vulnerability can be exploited remotely to cause denial of service;
  4. Out of bounds memory write vulnerability in libvorbis can be exploited to bypass security restrictions;
  5. An out-of-bounds memory write in libvorbis can be exploited remotely possibly to execute arbitrary code;
  6. Memory corruption vulnerability can be exploited remotely to execute arbitrary code;
Affected products

Mozilla Thunderbird earlier than 52.7

Solution

Update to the latest version
Download Mozilla Thunderbird

Original advisories

Mozilla Foundation Security Advisory 2018-09

Impacts
?
ACE 
[?]

DoS 
[?]

SB 
[?]
Related products
Mozilla Thunderbird
CVE-IDS
?
CVE-2018-51270.0Unknown
CVE-2018-51290.0Unknown
CVE-2018-51440.0Unknown
CVE-2018-51460.0Unknown
CVE-2018-51250.0Unknown
CVE-2018-51450.0Unknown