KLA11278
Multiple vulnerabilities in Mozilla Thunderbird
Обновлено: 26/06/2019
Дата обнаружения
03/07/2018
Уровень угрозы
Critical
Описание

Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service or obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. Buffer overflow vulnerability occurs during rendering of canvas element in Thunderbird can be exploited remotely to cause denial of service;
  2. Use-after-free vulnerability occurs when deleting an input element can be exploited remotely to cause denial of service;
  3. Multiple vulnerabilities related to decrypted S/MIME parts can be exploited remotely to obtain sensitive information;
  4. Integer overflow vulnerability in SSSE3 scaler can be exploited remotely via specially designed website to cause denial of service;
  5. Use-after-free vulnerability occurring in moving DOM nodes between documents can be exploited remotely via specially designed website to cause denial of service;
  6. incorrect requests handling in NPAPI plugins can be exploited remotely via specially designed website to obtain sensitive information;
  7. Vulnerability in IPC sandbox security policy can be exploited remotely via specially designed website to obtain sensitive information;
  8. Out-of-bounds read vulnerability in QCMS can be exploited remotely via specially designed website to obtain sensitive information;
  9. Vulnerability related to the browser does not warn users when opening executable files with the SettingContent-ms extension;
  10. Multiple memory corruption vulnerabilities in Mozilla Thunderbird can be exploited via unspecified vector to execute arbitrary code.
Пораженные продукты

Mozilla Thunderbird earlier than 52.9

Решение

Update to latest version
Download Mozilla Thunderbird

Первичный источник обнаружения
Mozilla Foundation Security Advisory 2018-18
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

SB 
[?]
Связанные продукты
Mozilla Thunderbird
CVE-IDS