Kaspersky Threats

Detect date

?

11/09/2019

Severity

?

High

Description

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code.

Below is a complete list of vulnerabilities:

Incorrect temporary files access configuration of Mozilla updater service can be exploited locally to bypass security restrictions;
Use-after-free vulnerability in DocShell can be exploited remotely via specially designed website to cause denial of service;
Use-after-free vulnerability in worker destruction can be exploited remotely via specially designed website to cause denial of service;
Stack corruption due to incorrect number of arguments in WebRTC code can be exploited remotely via specially designed website to cause denial of service;
Race condition vulnerability in Resist Fingerprinting can be exploited remotely via specially designed website to cause denial of service;
Out of bounds write vulnerability in NSS can be exploited remotely via specially designed website to cause denial of service;
Buffer overflow vulnerability in plain Firefox text serializer can be exploited remotely via specially designed website to cause denial of service;

Affected products

Mozilla Thunderbird earlier than 68.3

Solution

Update to the latest version
Download Mozilla Thunderbird

Original advisories

mfsa2019-38

Impacts

?

ACE

[?]

DoS

[?]

SB

[?]

Detect date ?	11/09/2019
Severity ?	High
Description	Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: Incorrect temporary files access configuration of Mozilla updater service can be exploited locally to bypass security restrictions; Use-after-free vulnerability in DocShell can be exploited remotely via specially designed website to cause denial of service; Use-after-free vulnerability in worker destruction can be exploited remotely via specially designed website to cause denial of service; Stack corruption due to incorrect number of arguments in WebRTC code can be exploited remotely via specially designed website to cause denial of service; Race condition vulnerability in Resist Fingerprinting can be exploited remotely via specially designed website to cause denial of service; Out of bounds write vulnerability in NSS can be exploited remotely via specially designed website to cause denial of service; Buffer overflow vulnerability in plain Firefox text serializer can be exploited remotely via specially designed website to cause denial of service;
Affected products	Mozilla Thunderbird earlier than 68.3
Solution	Update to the latest version Download Mozilla Thunderbird
Original advisories	mfsa2019-38
Impacts ?	ACE [?] DoS [?] SB [?]
Related products	Mozilla Thunderbird
CVE-IDS ?	CVE-2019-170126.8High CVE-2019-170105.1High CVE-2019-137224.3Warning CVE-2019-170094.6Warning CVE-2019-170115.1High CVE-2019-170056.8High CVE-2019-170086.8High CVE-2019-117456.8High
	Find out the statistics of the vulnerabilities spreading in your region

KLA11613Multiple vulnerabilities in Mozilla Thunderbird

KLA11613
Multiple vulnerabilities in Mozilla Thunderbird