Multiple vulnerabilities in Mozilla Thunderbird

Description

1. Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code.

   Below is a complete list of vulnerabilities:

   1. Use-after-free vulnerability can be exploited remotely via specially designed HTML5 stream to cause denial of service.
   2. Inter-process Communication (IPC) vulnerability can be exploited remotely via attempt to communicate with the IPC object without validation to bypass security restrictions.
   3. Use-after-free vulnerability in the Libical libary in Thunderbird can be exploited remotely via a specially designed ICS calendar to cause a denial of service.
   4. Multiple memory corruption vulnerabilities can be exploited remotely to execute arbitrary code.

Fiches de renseignement originales

• Mozilla Foundation Security Advisory 2019-03

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Produits associés

• Mozilla-Thunderbird
• Mozilla-Thunderbird-ESR

Liste CVE

• CVE-2018-18500
  critical
• CVE-2018-18505
  critical
• CVE-2018-18501
  critical
• CVE-2016-5824
  high
• CVE-2018-18512
  critical
• CVE-2018-18513
  critical

En savoir plus

Découvrez les statistiques de la propagation des vulnérabilités dans votre région statistics.securelist.com