Mozilla Patched Multiple Vulnerabilities In Thunderbird 60.2.1

  • 111
  •  
  •  
  •  
  •  
  •  
  •  
  •  
    111
    Shares

Mozilla’s email client Thunderbird exhibited several security flaws that posed a threat to users’ security. As reported, upon discovering these vulnerabilities in Thunderbird, Mozilla released patches in version 60.2.1.

Critical Vulnerability Discovered In Thunderbird

Mozilla has recently found multiple security vulnerabilities of varying severity degrees in its email client Thunderbird. As disclosed in their security advisory, Mozilla patched seven different vulnerabilities in Thunderbird 60.2.1.

This includes a critical security vulnerability (CVE-2018-12376) that could allow an attacker to execute arbitrary codes after gaining remote access to the target system. This vulnerability previously affected the Firefox 62 and Firefox ESR 60.2 browsers. As described regarding this flaw in their advisory,

“Mozilla developers and community members […] reported memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.”

Six Other Vulnerabilities In Thunderbird Also Patched

Apart from CVE-2018-12376, Mozilla also patched five other bugs including two high impact and three moderate impact vulnerabilities. These bugs directly affected Thunderbird resulting in a potential crash upon exploitation. The two high impact flaws include Use-after-free in refresh driver timers (CVE-2018-12377) and Use-after-free in IndexedDB (CVE-2018-12378). Whereas, the moderate impact bugs include Out-of-bounds write with malicious MAR file (CVE-2018-12379), Proxy bypass using automount and autofs (CVE-2017-16541), and Crash in TransportSecurityInfo due to cached data (CVE-2018-12385).

In addition, the vendors also patched a low impact vulnerability that could allow the users to access unencrypted passwords. This vulnerability also had a more significant impact on Firefox. As described,

“If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations.”

Although, Mozilla confirms that Thunderbird users remain potentially unaffected by these flaws. It is because the software has disabled scripting while reading emails. Nonetheless, owing to the potential risks in browser-like contexts, Mozilla highly recommends the users to update their software versions.

Let us know your thoughts about this article in the comments section below.

The following two tabs change content below.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Leave a Reply

Do NOT follow this link or you will be banned from the site!