KLA11613
Multiple vulnerabilities in Mozilla Thunderbird
Обновлено: 17/01/2020
Дата обнаружения
09/11/2019
Уровень угрозы
High
Описание

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. Incorrect temporary files access configuration of Mozilla updater service can be exploited locally to bypass security restrictions;
  2. Use-after-free vulnerability in DocShell can be exploited remotely via specially designed website to cause denial of service;
  3. Use-after-free vulnerability in worker destruction can be exploited remotely via specially designed website to cause denial of service;
  4.  
  5. Stack corruption due to incorrect number of arguments in WebRTC code can be exploited remotely via specially designed website to cause denial of service;
  6. Race condition vulnerability in Resist Fingerprinting can be exploited remotely via specially designed website to cause denial of service;
  7. Out of bounds write vulnerability in NSS can be exploited remotely via specially designed website to cause denial of service;
  8. Buffer overflow vulnerability in plain Firefox text serializer can be exploited remotely via specially designed website to cause denial of service;
Пораженные продукты

Mozilla Thunderbird earlier than 68.3

Решение

Update to the latest version
Download Mozilla Thunderbird

Первичный источник обнаружения
mfsa2019-38
Оказываемое влияние
?
ACE 
[?]

DoS 
[?]

SB 
[?]
Связанные продукты
Mozilla Thunderbird
CVE-IDS
CVE-2019-170120.0Unknown
CVE-2019-170100.0Unknown
CVE-2019-137220.0Unknown
CVE-2019-170090.0Unknown
CVE-2019-170110.0Unknown
CVE-2019-170050.0Unknown
CVE-2019-170080.0Unknown
CVE-2019-117450.0Unknown