Multiple vulnerabilities in Mozilla Thunderbird

Описание

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, perform cross-site scripting attack, execute arbitrary code, cause denial of service, spoof user interface, gain privileges.

Below is a complete list of vulnerabilities:

1. Cross-site scripting (XSS) vulnerability can be exploited to perform cross-site scripting attack.
2. Cross-site scripting (XSS) vulnerability for Android can be exploited to perform cross-site scripting attack.
3. Memory corruption vulnerability can be exploited to cause a denial of service.
4. Security UI vulnerability can be exploited to spoof user interface.
5. Validation of untrusted input vulnerability in new tab page can be exploited to bypass security restrictions.
6. Type confusion vulnerability in WebTransport can be exploited to cause denial of service.
7. Memory corruption vulnerability that occurs when reading from memory at a specific point during JIT compilation can be exploited to cause a denial of service.
8. Memory safety vulnerability can be exploited to execute arbitrary code.
9. Security vulnerability in Clipboard can be exploited to bypass security restrictions.

Первичный источник обнаружения

• MFSA2024-49
  

Связанные продукты

• Mozilla-Thunderbird

Список CVE

• CVE-2024-8900
  critical
• CVE-2024-9397
  high
• CVE-2024-9398
  high
• CVE-2024-9392
  critical
• CVE-2024-9402
  critical
• CVE-2024-9396
  critical
• CVE-2024-9399
  critical
• CVE-2024-9393
  critical
• CVE-2024-9401
  critical
• CVE-2024-9394
  critical
• CVE-2024-9400
  critical

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com