Description
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, cause denial of service, execute arbitrary code.
Below is a complete list of vulnerabilities:
- A type confusion vulnerability can be exploited remotely to bypass security restrictions;
- A cross-origin resource sharing vulnerability can be exploited remotely via a canvas to obtain sensitive information;
- A use-after-free vulnerability in crash generation server can be exploited remotely to cause denial of service or bypass security restrictions;
- A compartment mismatch vulnerability can be exploited to cause denial of service;
- A use-after-free vulnerability in the chrome event handler can be exploited to cause denial of service;
- A use-after-free vulnerability in XMLHttpRequest can be exploited to cause denial of service;
- A use-after-free vulnerability in the event listener manager can be exploited to cause denial of service;
- A use-after-free vulnerability in the png_image_free function in the libpng library can be exploited to cause denial of service;
- A cross-origin resource sharing vulnerability in createImageBitmap can be exploited to obtain sensitive information;
- A cross-origin resource sharing vulnerability in ImageBitmapRenderingContext can be exploited to obtain sensitive information;
- A memory leakage vulnerability in the Windows sandbox can be exploited to obtain sensitive information;
- An unspecified vulnerability can be exploited remotely via drag and drop of hyperlinks to and from bookmarks to obtain sensitive information;
- An out-of-bounds read vulnerability can be exploited to obtain sensitive information;
- Multiple memory corruption vulnerabilities can be exploited to execute arbitrary code.
Fiches de renseignement originales
Exploitation
Public exploits exist for this vulnerability.
Produits associés
Liste CVE
- CVE-2018-18511 warning
- CVE-2019-5798 high
- CVE-2019-9797 high
- CVE-2019-9816 high
- CVE-2019-9817 high
- CVE-2019-9818 critical
- CVE-2019-9819 critical
- CVE-2019-9820 critical
- CVE-2019-11691 critical
- CVE-2019-11692 critical
- CVE-2019-7317 high
- CVE-2019-11694 critical
- CVE-2019-11698 high
- CVE-2019-9800 critical
- CVE-2019-9815 critical
- CVE-2019-11693 critical
En savoir plus
Découvrez les statistiques de la propagation des vulnérabilités dans votre région statistics.securelist.com
Vous avez trouvé une inexactitude dans la description de cette vulnérabilité ? Faites-le nous savoir !