Multiple vulnerabilities in Mozilla Thunderbird

Описание

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, perform cross-site scripting attack, obtain sensitive information, bypass security restrictions, spoof user interface.

Below is a complete list of vulnerabilities:

1. A memory safety vulnerability can be exploited to to cause denial of service and execute arbitrary code.
2. A cross-site-scripting (XSS) vulnerability can be exploited to perform cross-site scripting attack.
3. A security bypass vulnerability in «Show Password» feature can be exploited to bypass security restrictions and obtain sensitive information.
4. A side-channel information leakage vulnerability in graphics component can be exploited to obtain sensitive information.
5. A heap buffer overflow vulnerability in Freetype can be exploited to cause denial of service.
6. A security UI vulnerability in fullscreen mode can be exploited remotely to obtain sensitive information and spoof user interface.
7. A security bypass vulnerability in DoH can be exploited to security bypass restrictions.
8. A use after free vulnerability in WebRequestService can be exploited to cause denial of service.
9. A security vulnerability in mDNS request for Windows can be exploited to obtain sensitive information.
10. A security bypass vulnerability in ServiceWorker can be exploited to bypass security restrictions and perform cross-site scripting attack.
11. A use after free vulnerability in nsTArray can be exploited to potentially cause denial of service or execute arbitrary code.

Первичный источник обнаружения

• MFSA2020-51
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Mozilla-Thunderbird

Список CVE

• CVE-2020-15999
  high
• CVE-2020-16012
  warning
• CVE-2020-26951
  high
• CVE-2020-26953
  warning
• CVE-2020-26956
  high
• CVE-2020-26968
  critical
• CVE-2020-26961
  high
• CVE-2020-26960
  critical
• CVE-2020-26965
  high
• CVE-2020-26959
  critical
• CVE-2020-26966
  high
• CVE-2020-26958
  high

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com