Mozilla Releases Critical Security Update For Thunderbird


Mozilla releases security updates for Thunderbird that fixes one critical vulnerability, two high-level vulnerabilities, and three medium level vulnerabilities.

Critical vulnerability

CVE-2018-12376: Memory corruption issue that may allow an attacker to run arbitrary code on the vulnerable machine. The Vulnerability has a critical impact.

High-level Vulnerability

CVE-2018-12378: Use-after-free vulnerability occur when deleting IndexedDB API while the JavaScript is using it, it may leads to a potentially exploitable crash.

CVE-2018-12377: Use-after-free vulnerability occurs when “refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use” and it results in a potentially exploitable crash.

Medium Vulnerability

CVE-2018-12379: Out-of-bounds write can be triggered when Mozilla Updater opens a MAR file format that contains a long file and it results in a potentially exploitable crash.

CVE-2017-16541: Proxy settingscan be bypassed using the automount feature with autofs to create a mount point on the local file system.

CVE-2018-12385: Potentially exploitable crash in TransportSecurityInfo used for SSL due to the data stored in the local cache.

Low Level Vulnerability

CVE-2018-12383: If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This could allow the exposure of stored password data outside of user expectations.

To read the original article


Laisser un commentaire

Next Post

Instagram Influencers Targeted in Ransomware Campaign

The company does not have two-factor authentication set by default High-profile accounts on Instagram are being targeted by phishing and ransomware attacks, with evidence that many are paying the attackers. Hackers are gaining access to accounts via phishing scams; posing as personal representatives from well known branding companies, they are […]