Mozilla patches critical Thunderbird bugs that can cause exploitable crashes

By
Mozilla patches critical Thunderbird bugs that can cause exploitable crashes

The Mozilla Foundation has released the latest version of its Thunderbird email client, fixing 14 security vulnerabilities, including five critical ones, three of which can result in a potentially exploitable crash.

The first of the three crash bugs is CVE-2018-12359, a buffer overflow condition that, according to an 6 August Mozilla security advisory, is triggered when "rendering canvas content while adjusting the height and width of the <canvas> element dynamically, causing data to be written outside of the currently computed boundaries."

Another is CVE-2018-12360, a use-after-free flaw that surfaces when "deleting an input element during a mutation event handler triggered by focusing that element." And the third is CVE-2018-12361, an integer overflow in SwizzleData code that occurs when calculating buffer sizes. "The overflowed value is used for subsequent graphics computations when their inputs are not sanitised," the advisory explains.

Two more critical vulnerabilities, designated CVE-2018-5187 and CVE-2018-5188, consist of a series of memory safety bugs found in Firefox 61, Firefox ESR 60.1 and and 52.9, and Thunderbird 60, which could result in an attacker running arbitrary code by exploiting memory corruption.

Copyright © SC Magazine, UK edition
Tags:

Most Read Articles

iOS 12 hands-on: 6 things we love (and 3 we don&#8217;t) about Apple&#8217;s latest OS

iOS 12 hands-on: 6 things we love (and 3 we don’t) about Apple’s latest OS

Sony celebrates 500m PlayStations sold with translucent PS4 Pro

Sony celebrates 500m PlayStations sold with translucent PS4 Pro

Is a Nintendo Switch Virtual Console coming as Nintendo bans retro ROM resources?

Is a Nintendo Switch Virtual Console coming as Nintendo bans retro ROM resources?

Apple AirPods 2: Wireless charging case revealed in iOS 12 beta images

Apple AirPods 2: Wireless charging case revealed in iOS 12 beta images