Multiple vulnerabilities in Mozilla Thunderbird

Published: 2018-11-01
Severity High
Patch available YES
Number of vulnerabilities 5
CVE ID CVE-2018-12391
CVE-2018-12392
CVE-2018-12393
CVE-2018-12389
CVE-2018-12390
CWE ID CWE-20
CWE-388
CWE-787
CWE-190
CWE-119
Exploitation vector Network
Public exploit N/A
Vulnerable software Mozilla Thunderbird Subscribe
Vendor Mozilla

Security Advisory

1) Cross-origin policy bypass

Severity: Low

CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12391

CWE-ID: CWE-20 - Improper Input Validation

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to audio data can be accessed across origins in violation of security policies during HTTP Live Stream playback on Firefox for Android. A remote attacker can trick the victim into visiting a specially crafted website, bypass cross-origin policies and conduct further attacks.

Mitigation

Update to version 60.3.

Vulnerable software versions

Mozilla Thunderbird: 60.0, 60.2.1

CPE External links

https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Poor event handling

Severity: High

CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12392

CWE-ID: CWE-388 - Error Handling

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to poor event handling when manipulating user events in nested loops while opening a document through script. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 60.3.

Vulnerable software versions

Mozilla Thunderbird: 60.0, 60.2.1

CPE External links

https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Integer overflow

Severity: High

CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12393

CWE-ID: CWE-787 - Out-of-bounds Write

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to integer overflow during the conversion of scripts to an internal UTF-16 representation. A remote attacker can trick the victim into visiting a specially crafted website, trigger out-of-bounds write and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 60.3.

Vulnerable software versions

Mozilla Thunderbird: 60.0, 60.2.1

CPE External links

https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory corruption

Severity: High

CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12389

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 60.3.

Vulnerable software versions

Mozilla Thunderbird: 60.0, 60.2.1

CPE External links

https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory corruption

Severity: High

CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-12390

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 60.3.

Vulnerable software versions

Mozilla Thunderbird: 60.0, 60.2.1

CPE External links

https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.