Description:
Summary: Mozilla Thunderbird is prone to multiple vulnerabilities.
Vulnerability Insight: Multiple flaws exist due to:
- asm.js JIT-spray bypass of ASLR and DEP.
- Memory Corruption when handling ErrorResult.
- Use-after-free working with events in FontFace objects.
- Use-after-free using addRange to add range to an incorrect root object.
- Use-after-free working with ranges in selections.
- Segmentation fault in Skia with canvas operations.
- Pixel and history stealing via floating-point timing side channel with SVG filters.
- Memory corruption during JavaScript garbage collection incremental sweeping.
- Use-after-free in Buffer Storage in libGLES.
- Cross-origin reading of video captions in violation of CORS.
- Buffer overflow read in SVG filters.
- Segmentation fault during bidirectional operations.
- File picker can choose incorrect default directory.
- Null dereference crash in HttpChannel.
- Overly permissive Gecko Media Plugin sandbox regular expression access.
- Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running.
- Out of bounds read when parsing HTTP digest authorization responses.
- Repeated authentication prompts lead to DoS attack.
- FTP response codes can cause use of uninitialized values for ports.
- Print preview spoofing.
- DoS attack by using view-source: protocol repeatedly in one hyperlink.
Vulnerability Impact: Successful exploitation of these vulnerabilities will allow remote attackers to execute arbitrary code, delete arbitrary files by leveraging certain local file execution, obtain sensitive information, and cause a denial of service.
Affected Software/OS: Mozilla Thunderbird versions before 52.0.
Solution: Update to version 52.0 or later.
CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C