Mozilla Releases Critical Security Update For Thunderbird

Mozilla releases security updates for Thunderbird that fixes one critical vulnerability, two high-level vulnerabilities, and three medium level vulnerabilities.

Critical vulnerability

CVE-2018-12376: Memory corruption issue that may allow an attacker to run arbitrary code on the vulnerable machine. The Vulnerability has a critical impact.

High-level Vulnerability

CVE-2018-12378: Use-after-free vulnerability occur when deleting IndexedDB API while the JavaScript is using it, it may leads to a potentially exploitable crash.

CVE-2018-12377: Use-after-free vulnerability occurs when “refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use” and it results in a potentially exploitable crash.

Medium Vulnerability

CVE-2018-12379: Out-of-bounds write can be triggered when Mozilla Updater opens a MAR file format that contains a long file and it results in a potentially exploitable crash.

CVE-2017-16541: Proxy settingscan be bypassed using the automount feature with autofs to create a mount point on the local file system.

CVE-2018-12385: Potentially exploitable crash in TransportSecurityInfo used for SSL due to the data stored in the local cache.

Low Level Vulnerability

CVE-2018-12383: If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This could allow the exposure of stored password data outside of user expectations.

To read the original article https://gbhackers.com/mozilla-releases-critical-security-update-for-thunderbird/

 

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *