Kaspersky ID:
KLA77550
Дата обнаружения:
26/11/2024
Обновлено:
25/03/2025

Описание

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions, spoof user interface, cause denial of service.

Below is a complete list of vulnerabilities:

  1. Memory safety vulnerability can be exploited to execute arbitrary code.
  2. Information disclosure vulnerability in Clipboard Protection in Private Browsing Mode can be exploited to obtain sensitive information.
  3. Security vulnerability can be exploited to bypass security restrictions.
  4. Security vulnerability in Enhanced Tracking Protection’s Strict mode can be exploited to bypass security restrictions.
  5. Security UI vulnerability in URL Bar can be exploited to spoof user interface.
  6. Denial of service vulnerability can be exploited remotely to cause denial of service.
  7. Double-free vulnerability can be exploited remotely to cause denial of service.
  8. A null pointer dereference vulnerability in pk12util can be exploited remotely to cause denial of service.
  9. Security UI vulnerability can be exploited to spoof user interface.
  10. A remote code execution vulnerability in Executable File Confirmation Dialog can be exploited remotely to execute arbitrary code.
  11. Security UI vulnerability in Address Bar State can be exploited to spoof user interface.
  12. Out of bounds memory write vulnerability in Apple GPU drivers can be exploited to cause denial of service.
  13. A null pointer dereference vulnerability in NSC_DeriveKey can be exploited remotely to cause denial of service.

Первичный источник обнаружения

Связанные продукты

Список CVE

  • CVE-2024-11699
    critical
  • CVE-2024-11696
    high
  • CVE-2024-11694
    high
  • CVE-2024-11695
    high
  • CVE-2024-11693
    critical
  • CVE-2024-11692
    warning
  • CVE-2024-11697
    critical
  • CVE-2024-11698
    critical
  • CVE-2024-11691
    critical
  • CVE-2024-11702
    critical
  • CVE-2024-11708
    high
  • CVE-2024-11704
    critical
  • CVE-2024-11706
    high
  • CVE-2024-11701
    warning
  • CVE-2024-11705
    critical
  • CVE-2024-11700
    critical

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Confirm changes?
Your message has been sent successfully.