Kaspersky Threats

Detect date

?

07/09/2019

Severity

?

Critical

Description

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, cause denial of service, perform cross-site scripting attack, obtain sensitive information, execute arbitrary code.

Below is a complete list of vulnerabilities:

Unspecified vulnerability can be exploited Fetch API to bypass security restrictions;
Unspecified vulnerability in Thunderbird can be exploited via cross-origin protection to bypass security restrictions;
Unspecified vulnerability in Thunderbird can be exploited to spoof user interface;
Unspecified vulnerability in Thunderbird can be exploited via p256-ECDH public keys forming to cause denial of service;
Unspecified vulnerability in Thunderbird can be exploited via parsing page content to perform cross-site scripting;
A use-after-free vulnerability in Thunderbird can be exploited to cause denial of service;
Out-of-bounds read vulnerability in Thunderbird can be exploited via importing a curve25519 private key to obtain sensitive information;
Unspecified vulnerability in Thunderbird can be exploited via NPAPI plugins to perform cross-site scripting;
Unspecified vulnerability in Thunderbird can be exploited via sandbox to bypass security restrictions;
Multiple memory corruption vulnerabilities can be exploited to execute arbitrary code.

Affected products

Mozilla Thunderbird earlier than 60.8

Solution

Update to the latest version
Download Mozilla Thunderbird

Original advisories

mfsa2019-23

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

SB

[?]

XSS/CSS

[?]

SUI

[?]

Detect date ?	07/09/2019
Severity ?	Critical
Description	Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, cause denial of service, perform cross-site scripting attack, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: Unspecified vulnerability can be exploited Fetch API to bypass security restrictions; Unspecified vulnerability in Thunderbird can be exploited via cross-origin protection to bypass security restrictions; Unspecified vulnerability in Thunderbird can be exploited to spoof user interface; Unspecified vulnerability in Thunderbird can be exploited via p256-ECDH public keys forming to cause denial of service; Unspecified vulnerability in Thunderbird can be exploited via parsing page content to perform cross-site scripting; A use-after-free vulnerability in Thunderbird can be exploited to cause denial of service; Out-of-bounds read vulnerability in Thunderbird can be exploited via importing a curve25519 private key to obtain sensitive information; Unspecified vulnerability in Thunderbird can be exploited via NPAPI plugins to perform cross-site scripting; Unspecified vulnerability in Thunderbird can be exploited via sandbox to bypass security restrictions; Multiple memory corruption vulnerabilities can be exploited to execute arbitrary code.
Affected products	Mozilla Thunderbird earlier than 60.8
Solution	Update to the latest version Download Mozilla Thunderbird
Original advisories	mfsa2019-23
Impacts ?	ACE [?] OSI [?] DoS [?] SB [?] XSS/CSS [?] SUI [?]
Related products	Mozilla Thunderbird
CVE-IDS ?	CVE-2019-98115.1High CVE-2019-117116.8High CVE-2019-117126.8High CVE-2019-117137.5Critical CVE-2019-117295.0Critical CVE-2019-117154.3Warning CVE-2019-117175.0Critical CVE-2019-117195.0Critical CVE-2019-117304.3Warning CVE-2019-117097.5Critical
	Find out the statistics of the vulnerabilities spreading in your region

KLA11524Multiple vulnerabilities in Mozilla Thunderbird

KLA11524
Multiple vulnerabilities in Mozilla Thunderbird