Mozilla Patched Multiple Security Vulnerabilities in Thunderbird 60.3

  • 122
  •  
  •  
  •  
  •  
  •  
  •  
  •  
    122
    Shares

Mozilla has recently fixed multiple security flaws in its Thunderbird 60.3 email client. These vulnerabilities also include a critical security bug that allegedly affected Mozilla’s Firefox and Firefox ESR browsers as well.

Critical Vulnerability Patched Affecting Multiple Mozilla Products

Last week, Mozilla patched multiple security flaws altogether in its latest Thunderbird 60.3 including a critical security flaw. As explained in Mozilla’s security advisory, numerous community members and developers at Mozilla discovered reported memory safety bugs that only affected Thunderbird email client, but also had impacted Firefox and Firefox ESR.

Describing the bugs (CVE-2018-12390), Mozilla stated,

Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

Mozilla has fixed the bugs in Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3 respectively.

Other Bugs Fixed In Thunderbird 60.3

Apart from the critical memory safety bugs, Mozilla also released fixes for several other vulnerabilities affecting Thunderbird. These include three vulnerabilities with a high severity level, and low severity level memory safety bugs (CVE-2018-12389).

The three high severity flaws include:

  • CVE-2018-12391: HTTP Live Stream audio data accessible cross-origin (affected Firefox for Android only). The bug could allow accessing audio data across origins during HTTP live stream playback on the Firefox browser for Android.
  • CVE-2018-12392: Crash with nested event loops. An attacker could trigger an exploitable crash by exploiting the bug.
  • CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript. This out-of-bounds write vulnerability only affected 32-bit builds.

With regards to the conditions for the exploit, Mozilla elaborated,

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

Mozilla patched multiple vulnerabilities in the previous versions of Thunderbird and Firefox last month. That time too, Mozilla released a fix for critical code execution vulnerability affecting Thunderbird 60.2, Firefox 61 and Firefox ESR 60.1.

Let us know your thoughts in the comments section.

The following two tabs change content below.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!