Home Hacking News Mozilla Patched 16 Security Flaws With Thunderbird 60.7
Hacking NewsLatest Cyber Security News | Network Security HackingNewsVulnerabilities

Mozilla Patched 16 Security Flaws With Thunderbird 60.7

by Abeerah Hashim
written by Abeerah Hashim
thunderbird 60.7

Mozilla has rolled-out the latest release of their Thunderbird email client with numerous security fixes. This month’s update carries the biggest number of security fixes amongst all previous Thunderbird releases in 2019. Allegedly, Thunderbird 60.7 brings patches for 16 different security flaws with severity levels.

High-Severity Patches With Thunderbird 60.7

This week, Mozilla released Thunderbird 60.7 version for the users. This version addresses 13 different high-severity flaws. Among these, a timing attack vulnerability (CVE-2019-9815) could affect Mac users in particular. To avail the patch for it, users must ensure upgrading to macOS 10.14.5. Another vulnerability (CVE-2019-11693) could specifically target Linux users as buffer overflow could affect bufferdata function in WebGL.

The latest Thunderbird also fixed 5 use-after-free flaws in various components, a type confusion vulnerability demonstrated with UnboxedObjects (CVE-2019-9816), and numerous others. It also patched a set of critical memory safety bugs (CVE-2019-9800) that also affected Firefox 66 and Firefox ESR 60.6 browsers. These vulnerabilities could allow arbitrary code execution when triggered.

Other Security Fixes

Apart from the high-severity bugs, Mozilla also patched some moderate severity flaws in Thunderbird. These include a memory leakage in Windows sandbox (CVE-2019-11694) affecting Windows users only, a flaw allowing theft of browsing history (CVE-2019-11698), and an out-of-bounds read vulnerability in Skia library (CVE-2019-5798).

As stated in their advisory, exploiting any of the flaws via email was not possible due to disabled scripting.

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

Nonetheless, the users must ensure updating to the latest version to prevent potential attacks.

Alongside Thunderbird, Mozilla has also launched updated versions of its browsers, Firefox 67 and Firefox ESR 60.7. These versions also carry fixes for numerous security bugs, including critical memory leakage flaws.

Take your time to comment on this article.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Multiple Vulnerabilities Found In Forminator WordPress Plugin

Palo Alto Networks Patched A Pan-OS Vulnerability Under...

Apple Removed Numerous Apps From China App Store

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...