Multiple vulnerabilities in Mozilla Thunderbird

Description

1. Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code.

   Below is a complete list of vulnerabilities:

   1. Use-after-free vulnerability can be exploited remotely via specially designed HTML5 stream to cause denial of service.
   2. Inter-process Communication (IPC) vulnerability can be exploited remotely via attempt to communicate with the IPC object without validation to bypass security restrictions.
   3. Use-after-free vulnerability in the Libical libary in Thunderbird can be exploited remotely via a specially designed ICS calendar to cause a denial of service.
   4. Multiple memory corruption vulnerabilities can be exploited remotely to execute arbitrary code.

Original advisories

• Mozilla Foundation Security Advisory 2019-03

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Mozilla-Thunderbird
• Mozilla-Thunderbird-ESR

CVE list

• CVE-2018-18500
  critical
• CVE-2018-18505
  critical
• CVE-2018-18501
  critical
• CVE-2016-5824
  warning
• CVE-2018-18512
  critical
• CVE-2018-18513
  warning

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com