Mozilla recently rolled out patches for two critical vulnerabilities in its Thunderbird email client. Both vulnerabilities affected the IonMonkey JIT compiler. Mozilla fixed the bugs with the release of Thunderbird 60.6.1.
Two Critical Vulnerabilities In Thunderbird 60.6.1
As disclosed in Mozilla’s security advisory, two critical vulnerabilities existed in Thunderbird’s IonMonkey JIT compiler. Mozilla confirmed that Thunderbird 60.6.1 carries patches for both flaws.
The first of these vulnerabilities, CVE-2019-9810, could result in a buffer overflow.
“Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow.”
The second vulnerability, CVE-2019-9813, was a type confusion in IonMonkey.
“Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write.”
Mozilla confirmed that the vulnerabilities could not be exploited via email because scripting is disabled in the software. However, they were “potentially risky” in browser-like contexts. Users should therefore upgrade to the patched Thunderbird version.
Mozilla credited researchers from Trend Micro’s Zero Day Initiative for reporting both vulnerabilities.
Second Update For Thunderbird In A Month
Although the present update, 60.6.1, carries fixes for only two security bugs, Mozilla had already rolled out another update just a couple of weeks earlier. At that time, Mozilla patched a larger set of vulnerabilities with Thunderbird version 60.6.
That earlier update included fixes for three critical security bugs, four high-severity flaws, and two moderate-severity vulnerabilities. Among the critical flaws, CVE-2019-9791 and CVE-2019-9792 also existed in the IonMonkey just-in-time (JIT) compiler. Mozilla credited Samuel Groß from Google Project Zero for reporting both bugs.
In addition, a high-severity vulnerability, CVE-2019-9795, also affected the IonMonkey JIT compiler. This type confusion flaw could potentially trigger an exploitable crash through malicious JavaScript.
With the release of Thunderbird 60.6, Mozilla also fixed memory safety bugs (CVE-2019-9788) that affected Firefox and Firefox ESR as well. The patches for the other two browsers were rolled out with Firefox 66 and Firefox ESR 60.6. This time, however, Mozilla’s advisory did not mention any such update for the other browsers.