Kaspersky ID:
KLA10970
Дата обнаружения:
07/03/2017
Обновлено:
22/01/2024

Описание

Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to obtain sensitive information, run arbitrary code and cause a denial of service.

Below is a complete list of vulnerabilities

  1. Memory curruption vulnerability in asm.js can be exploited remotely to bypass of ASLR and DEP protections leading to a denial of service;
  2. Memory corruption vulnerability in triggerable web content can be exploited remotely to cause a denial of service;
  3. Use-after-free vulnerability, which can occur when events are fired, after their destroying in the FontFace objects can be exploited remotely to cause a denial of service;
  4. Use-after-free vulnerability, which can occur when manipulating ranges in selections can be exploited remotely to cause a denial of service;
  5. Pixel and history stealing vulnerability in the SVG filters can be exploited remotely to obtain sensitive information;
  6. Memory corrpution vulnerability in the JavaScript garbage collection can be exploited remotely to cause a denial of service;
  7. Cross-origin reading vulnerability in the CORS can be exploited remotely to obtain sensitive information;
  8. Usage of uninitialized values for ports in FTP connections can be exploited remotely to cause a denial of service;
  9. Memory corruption vulnerability can be exploited remotely to run arbitrary code.

NB: This vulnerability have no public CVSS rating so rating can be changed by the time.

NB: At this moment Mozilla just reserved CVE numbers for this vulnerabilities. Information can be changed soon.

Первичный источник обнаружения

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

Список CVE

  • CVE-2017-5407
    warning
  • CVE-2017-5410
    critical
  • CVE-2017-5408
    warning
  • CVE-2017-5405
    warning
  • CVE-2017-5398
    critical
  • CVE-2017-5400
    critical
  • CVE-2017-5401
    critical
  • CVE-2017-5402
    critical
  • CVE-2017-5404
    critical

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше