Description
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, cause denial of service, perform cross-site scripting attack, obtain sensitive information, execute arbitrary code.
Below is a complete list of vulnerabilities:
- Unspecified vulnerability can be exploited Fetch API to bypass security restrictions;
- Unspecified vulnerability in Thunderbird can be exploited via cross-origin protection to bypass security restrictions;
- Unspecified vulnerability in Thunderbird can be exploited to spoof user interface;
- Unspecified vulnerability in Thunderbird can be exploited via p256-ECDH public keys forming to cause denial of service;
- Unspecified vulnerability in Thunderbird can be exploited via parsing page content to perform cross-site scripting;
- A use-after-free vulnerability in Thunderbird can be exploited to cause denial of service;
- Out-of-bounds read vulnerability in Thunderbird can be exploited via importing a curve25519 private key to obtain sensitive information;
- Unspecified vulnerability in Thunderbird can be exploited via NPAPI plugins to perform cross-site scripting;
- Unspecified vulnerability in Thunderbird can be exploited via sandbox to bypass security restrictions;
- Multiple memory corruption vulnerabilities can be exploited to execute arbitrary code.
Original advisories
Related products
CVE list
- CVE-2019-9811 high
- CVE-2019-11711 high
- CVE-2019-11712 high
- CVE-2019-11713 critical
- CVE-2019-11729 warning
- CVE-2019-11715 warning
- CVE-2019-11717 warning
- CVE-2019-11719 warning
- CVE-2019-11730 warning
- CVE-2019-11709 critical
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!