Description
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, cause denial of service, or execute arbitrary code.
Below is a complete list of vulnerabilities:
- A type confusion vulnerability can be exploited remotely to bypass security restrictions;
- A cross-origin resource sharing vulnerability can be exploited remotely via a canvas to obtain sensitive information;
- A use-after-free vulnerability in the crash generation server can be exploited remotely to cause denial of service or bypass security restrictions;
- A compartment mismatch vulnerability can be exploited to cause denial of service;
- A use-after-free vulnerability in the chrome event handler can be exploited to cause denial of service;
- A use-after-free vulnerability in XMLHttpRequest can be exploited to cause denial of service;
- A use-after-free vulnerability in the event listener manager can be exploited to cause denial of service;
- A use-after-free vulnerability in the png_image_free function in the libpng library can be exploited to cause denial of service;
- A cross-origin resource sharing vulnerability in createImageBitmap can be exploited to obtain sensitive information;
- A cross-origin resource sharing vulnerability in ImageBitmapRenderingContext can be exploited to obtain sensitive information;
- A memory leakage vulnerability in the Windows sandbox can be exploited to obtain sensitive information;
- An unspecified vulnerability can be exploited remotely via drag and drop of hyperlinks to and from bookmarks to obtain sensitive information;
- An out-of-bounds read vulnerability can be exploited to obtain sensitive information;
- Multiple memory corruption vulnerabilities can be exploited to execute arbitrary code.
CVE list
- CVE-2018-18511 warning
- CVE-2019-5798 warning
- CVE-2019-9797 warning
- CVE-2019-9816 warning
- CVE-2019-9817 warning
- CVE-2019-9818 high
- CVE-2019-9819 critical
- CVE-2019-9820 critical
- CVE-2019-11691 critical
- CVE-2019-11692 critical
- CVE-2019-7317 warning
- CVE-2019-11694 warning
- CVE-2019-11698 warning
- CVE-2019-9800 critical
- CVE-2019-9815 high
- CVE-2019-11693 critical