KLA11342
Multiple vulnerabilities in Mozilla Thunderbird

Updated: 06/03/2020
Detect date
?
10/31/2018
Severity
?
Critical
Description

Multiple serious vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. Vulnerability related to HTTP Live Stream can be exploited remotely to gain privileges;
  2. Event handling vulnerability can be exploited remotely via specially script to cause denial of service;
  3. Out-of-bounds write vulnerability can be exploited remotely to cause denial of service;
  4. Multiple memory corruption vulnerabilities can be exploited to execute arbitrary code;
Affected products

Mozilla Thunderbird earlier than 60.3

Solution

Update to the latest version
Download Mozilla Thunderbird

Original advisories

https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/

Impacts
?
ACE 
[?]

DoS 
[?]

PE 
[?]
Related products
Mozilla Thunderbird
CVE-IDS
?
CVE-2018-123919.3Critical
CVE-2018-123927.5Critical
CVE-2018-123935.0Critical
CVE-2018-123896.8High
CVE-2018-123907.5Critical
Find out the statistics of the vulnerabilities spreading in your region