Multiple vulnerabilities in Mozilla Thunderbird



Published: 2018-07-04
Risk High
Patch available YES
Number of vulnerabilities 12
CVE-ID CVE-2018-12359
CVE-2018-12360
CVE-2018-12372
CVE-2018-12373
CVE-2018-12362
CVE-2018-12363
CVE-2018-12364
CVE-2018-12365
CVE-2018-12366
CVE-2018-12368
CVE-2018-12374
CVE-2018-5188
CWE-ID CWE-787
CWE-120
CWE-416
CWE-401
CWE-190
CWE-352
CWE-200
CWE-125
CWE-20
CWE-119
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Mozilla Thunderbird
Client/Desktop applications / Messaging software

Vendor Mozilla

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) Memory corruption

EUVDB-ID: #VU13478

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-12359

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to buffer overflow when rendering canvas content while adjusting the height and width of the <canvas> element dynamically. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger out-of-bounds write and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update to version 59.2.

Vulnerable software versions

Mozilla Thunderbird: 52.8


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-18/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free error

EUVDB-ID: #VU13479

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-12360

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to use-after-free vulnerability when deleting an input element during a mutation event handler triggered by focusing that element. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update to version 59.2.

Vulnerable software versions

Mozilla Thunderbird: 52.8


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-18/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory leak

EUVDB-ID: #VU13554

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-12372

CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. A remote attacker can trigger memory leak and gain access to arbitrary data.

Mitigation

Update to version 59.2.

Vulnerable software versions

Mozilla Thunderbird: 52.8


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-18/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory leak

EUVDB-ID: #VU13555

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-12373

CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to dDecrypted S/MIME parts hidden with CSS or <plaintext> can leak plaintext when included in a HTML reply/forward. A remote attacker can trigger memory leak and gain access to arbitrary data.

Mitigation

Update to version 59.2.

Vulnerable software versions

Mozilla Thunderbird: 52.8


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-18/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Integer overflow

EUVDB-ID: #VU13481

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-12362

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update to version 59.2.

Vulnerable software versions

Mozilla Thunderbird: 52.8


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-18/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free error

EUVDB-ID: #VU13483

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-12363

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to use-after-free error when script uses mutation events to move DOM nodes between documents. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update to version 59.2.

Vulnerable software versions

Mozilla Thunderbird: 52.8


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-18/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Cross-site request forgery

EUVDB-ID: #VU13486

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-12364

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform CSRF attack.

The weakness exists due to insufficient CSRF protections. A remote attacker can use NPAPI plugins, such as Adobe Flash, send non-simple cross-origin requests, make a same-origin POST that does a 307 redirect to the target site, bypass CORS and conduct cross-site request forgery (CSRF) attacks.

Mitigation

Update to version 59.2.

Vulnerable software versions

Mozilla Thunderbird: 52.8


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-18/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Information disclosure

EUVDB-ID: #VU13487

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-12365

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. A remote attacker can gain access to private local files.

Mitigation

Update to version 59.2.

Vulnerable software versions

Mozilla Thunderbird: 52.8


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-18/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU13488

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-12366

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to an invalid grid size during QCMS (color profile) transformations. A remote attacker can trigger out-of-bounds read interpreted as a float value and access private data from the output.

Mitigation

Update to version 59.2.

Vulnerable software versions

Mozilla Thunderbird: 52.8


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-18/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper input validation

EUVDB-ID: #VU13490

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-12368

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to iWindows 10 does not warn users before opening executable files with the SettingContent-msextension even when they have been downloaded from the internet and have the "Mark of the Web". A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, use WebExtension with the limited downloads.openpermission and execute arbitrary code without user interaction on Windows 10 systems

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update to version 59.2.

Vulnerable software versions

Mozilla Thunderbird: 52.8


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-18/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Memory leak

EUVDB-ID: #VU13556

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-12374

CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to plaintext of decrypted emails can leak through. A remote attacker can submit an embedded form by press enter key within a text input field, submit an embedded form, trigger memory leak and gain access to arbitrary data.

Mitigation

Update to version 59.2.

Vulnerable software versions

Mozilla Thunderbird: 52.8


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-18/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Memory corruption

EUVDB-ID: #VU13495

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5188

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when handling malicious input. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update to version 59.2.

Vulnerable software versions

Mozilla Thunderbird: 52.8


CPE2.3 External links

http://www.mozilla.org/en-US/security/advisories/mfsa2018-18/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###