KLA11342
Multiple vulnerabilities in Mozilla Thunderbird
Updated: 11/06/2018
CVSS
?
7.5
Detect date
?
10/31/2018
Severity
?
Critical
Description

Multiple serious vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. Vulnerability related to HTTP Live Stream can be exploited remotely to gain privileges;
  2. Event handling vulnerability can be exploited remotely via specially script to cause denial of service;
  3. Out-of-bounds write vulnerability can be exploited remotely to cause denial of service;
  4. Multiple memory corruption vulnerabilities can be exploited to execute arbitrary code;
Affected products

Mozilla Thunderbird earlier than 60.3

Solution

Update to the latest version
Download Mozilla Thunderbird

Original advisories

https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/

Impacts
?
ACE 
[?]

DoS 
[?]

PE 
[?]
Related products
Mozilla Thunderbird
CVE-IDS
?

CVE-2018-12391
CVE-2018-12392
CVE-2018-12393
CVE-2018-12389
CVE-2018-12390