Multiple vulnerabilities in Mozilla Thunderbird

Descripción

1. Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code.

   Below is a complete list of vulnerabilities:

   1. Use-after-free vulnerability can be exploited remotely via specially designed HTML5 stream to cause denial of service.
   2. Inter-process Communication (IPC) vulnerability can be exploited remotely via attempt to communicate with the IPC object without validation to bypass security restrictions.
   3. Use-after-free vulnerability in the Libical libary in Thunderbird can be exploited remotely via a specially designed ICS calendar to cause a denial of service.
   4. Multiple memory corruption vulnerabilities can be exploited remotely to execute arbitrary code.

Notas informativas originales

• Mozilla Foundation Security Advisory 2019-03

Explotación

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Productos relacionados

• Mozilla-Thunderbird
• Mozilla-Thunderbird-ESR

Lista CVE

• CVE-2018-18500
  critical
• CVE-2018-18505
  critical
• CVE-2018-18501
  critical
• CVE-2016-5824
  high
• CVE-2018-18512
  critical
• CVE-2018-18513
  critical

Leer más

Conozca las estadísticas de las vulnerabilidades que se propagan en su región statistics.securelist.com