Описание
Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service or obtain sensitive information.
Below is a complete list of vulnerabilities:
- Buffer overflow vulnerability occurs during rendering of canvas element in Thunderbird can be exploited remotely to cause denial of service;
- Use-after-free vulnerability occurs when deleting an input element can be exploited remotely to cause denial of service;
- Multiple vulnerabilities related to decrypted S/MIME parts can be exploited remotely to obtain sensitive information;
- Integer overflow vulnerability in SSSE3 scaler can be exploited remotely via specially designed website to cause denial of service;
- Use-after-free vulnerability occurring in moving DOM nodes between documents can be exploited remotely via specially designed website to cause denial of service;
- incorrect requests handling in NPAPI plugins can be exploited remotely via specially designed website to obtain sensitive information;
- Vulnerability in IPC sandbox security policy can be exploited remotely via specially designed website to obtain sensitive information;
- Out-of-bounds read vulnerability in QCMS can be exploited remotely via specially designed website to obtain sensitive information;
- Vulnerability related to the browser does not warn users when opening executable files with the SettingContent-ms extension;
- Multiple memory corruption vulnerabilities in Mozilla Thunderbird can be exploited via unspecified vector to execute arbitrary code.
Первичный источник обнаружения
Связанные продукты
Список CVE
- CVE-2018-12359 high
- CVE-2018-12360 high
- CVE-2018-12362 high
- CVE-2018-12363 high
- CVE-2018-12364 high
- CVE-2018-12365 warning
- CVE-2018-12366 warning
- CVE-2018-12368 critical
- CVE-2018-5188 critical
- CVE-2018-12372 warning
- CVE-2018-12373 warning
- CVE-2018-12374 warning
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!