Kaspersky ID:
KLA73182
Дата обнаружения:
03/09/2024
Обновлено:
25/03/2025

Описание

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service, perform cross-site scripting attack, spoof user interface.

Below is a complete list of vulnerabilities:

  1. Memory safety vulnerability can be exploited to execute arbitrary code.
  2. Type confusion vulnerability when looking up a property name in a «with» block can be exploited to cause denial of service.
  3. Type confusion vulnerability in WASM can be exploited to cause denial of service.
  4. Security vulnerability can be exploited to bypass security restrictions.
  5. Security UI vulnerability can be exploited to spoof user interface.
  6. Cross-site scripting (XSS) vulnerability can be exploited to perform cross-site scripting attack.
  7. Use after free vulnerability when aborting the verification of an OTR chat session can be exploited to cause denial of service or execute arbitrary code.

Первичный источник обнаружения

Связанные продукты

Список CVE

  • CVE-2024-8387
    critical
  • CVE-2024-8381
    critical
  • CVE-2024-8385
    critical
  • CVE-2024-8386
    high
  • CVE-2024-8382
    critical
  • CVE-2024-8384
    critical
  • CVE-2024-8394
    high

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Confirm changes?
Your message has been sent successfully.