Multiple vulnerabilities in Mozilla Thunderbird

Описание

Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service or obtain sensitive information.

Below is a complete list of vulnerabilities:

1. Buffer overflow vulnerability occurs during rendering of canvas element in Thunderbird can be exploited remotely to cause denial of service;
2. Use-after-free vulnerability occurs when deleting an input element can be exploited remotely to cause denial of service;
3. Multiple vulnerabilities related to decrypted S/MIME parts can be exploited remotely to obtain sensitive information;
4. Integer overflow vulnerability in SSSE3 scaler can be exploited remotely via specially designed website to cause denial of service;
5. Use-after-free vulnerability occurring in moving DOM nodes between documents can be exploited remotely via specially designed website to cause denial of service;
6. incorrect requests handling in NPAPI plugins can be exploited remotely via specially designed website to obtain sensitive information;
7. Vulnerability in IPC sandbox security policy can be exploited remotely via specially designed website to obtain sensitive information;
8. Out-of-bounds read vulnerability in QCMS can be exploited remotely via specially designed website to obtain sensitive information;
9. Vulnerability related to the browser does not warn users when opening executable files with the SettingContent-ms extension;
10. Multiple memory corruption vulnerabilities in Mozilla Thunderbird can be exploited via unspecified vector to execute arbitrary code.

Первичный источник обнаружения

• Mozilla Foundation Security Advisory 2018-18
  

Связанные продукты

• Mozilla-Thunderbird

Список CVE

• CVE-2018-12359
  high
• CVE-2018-12360
  high
• CVE-2018-12362
  high
• CVE-2018-12363
  high
• CVE-2018-12364
  high
• CVE-2018-12365
  warning
• CVE-2018-12366
  warning
• CVE-2018-12368
  critical
• CVE-2018-5188
  critical
• CVE-2018-12372
  warning
• CVE-2018-12373
  warning
• CVE-2018-12374
  warning

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com