Multiple vulnerabilities in Mozilla Thunderbird

Описание

1. Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code.

   Below is a complete list of vulnerabilities:

   1. Use-after-free vulnerability can be exploited remotely via specially designed HTML5 stream to cause denial of service.
   2. Inter-process Communication (IPC) vulnerability can be exploited remotely via attempt to communicate with the IPC object without validation to bypass security restrictions.
   3. Use-after-free vulnerability in the Libical libary in Thunderbird can be exploited remotely via a specially designed ICS calendar to cause a denial of service.
   4. Multiple memory corruption vulnerabilities can be exploited remotely to execute arbitrary code.

Первичный источник обнаружения

• Mozilla Foundation Security Advisory 2019-03
  

Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Mozilla-Thunderbird
• Mozilla-Thunderbird-ESR

Список CVE

• CVE-2018-18500
  critical
• CVE-2018-18505
  critical
• CVE-2018-18501
  critical
• CVE-2016-5824
  warning
• CVE-2018-18512
  critical
• CVE-2018-18513
  warning

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com