KLA11278
Multiple vulnerabilities in Mozilla Thunderbird

Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service or obtain sensitive information.

Below is a complete list of vulnerabilities:

1. Buffer overflow vulnerability occurs during rendering of canvas element in Thunderbird can be exploited remotely to cause denial of service;
2. Use-after-free vulnerability occurs when deleting an input element can be exploited remotely to cause denial of service;
3. Multiple vulnerabilities related to decrypted S/MIME parts can be exploited remotely to obtain sensitive information;
4. Integer overflow vulnerability in SSSE3 scaler can be exploited remotely via specially designed website to cause denial of service;
5. Use-after-free vulnerability occurring in moving DOM nodes between documents can be exploited remotely via specially designed website to cause denial of service;
6. incorrect requests handling in NPAPI plugins can be exploited remotely via specially designed website to obtain sensitive information;
7. Vulnerability in IPC sandbox security policy can be exploited remotely via specially designed website to obtain sensitive information;
8. Out-of-bounds read vulnerability in QCMS can be exploited remotely via specially designed website to obtain sensitive information;
9. Vulnerability related to the browser does not warn users when opening executable files with the SettingContent-ms extension;
10. Multiple memory corruption vulnerabilities in Mozilla Thunderbird can be exploited via unspecified vector to execute arbitrary code.

Mozilla Thunderbird earlier than 52.9

Update to latest version
Download Mozilla Thunderbird

Mozilla Foundation Security Advisory 2018-18