KLA11342
Multiple vulnerabilities in Mozilla Thunderbird
Обновлено: 26/06/2019
Дата обнаружения
31/10/2018
Уровень угрозы
Critical
Описание

Multiple serious vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. Vulnerability related to HTTP Live Stream can be exploited remotely to gain privileges;
  2. Event handling vulnerability can be exploited remotely via specially script to cause denial of service;
  3. Out-of-bounds write vulnerability can be exploited remotely to cause denial of service;
  4. Multiple memory corruption vulnerabilities can be exploited to execute arbitrary code;
Пораженные продукты

Mozilla Thunderbird earlier than 60.3

Решение

Update to the latest version
Download Mozilla Thunderbird

Первичный источник обнаружения
https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/
Оказываемое влияние
?
ACE 
[?]

DoS 
[?]

PE 
[?]
Связанные продукты
Mozilla Thunderbird
CVE-IDS
CVE-2018-123917.5Critical
CVE-2018-123929.8Critical
CVE-2018-123937.5Critical
CVE-2018-123898.8Critical
CVE-2018-123909.8Critical