Mozilla releases security updates for Thunderbird that fixes one critical vulnerability, two high-level vulnerabilities, and three medium level vulnerabilities.
Critical vulnerability
CVE-2018-12376: Memory corruption issue that may allow an attacker to run arbitrary code on the vulnerable machine. The Vulnerability has a critical impact.
High-level Vulnerability
CVE-2018-12378: Use-after-free vulnerability occur when deleting IndexedDB API while the JavaScript is using it, it may leads to a potentially exploitable crash.
CVE-2018-12377: Use-after-free vulnerability occurs when “refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use” and it results in a potentially exploitable crash.
Medium Vulnerability
CVE-2018-12379: Out-of-bounds write can be triggered when Mozilla Updater opens a MAR file format that contains a long file and it results in a potentially exploitable crash.
CVE-2017-16541: Proxy settingscan be bypassed using the automount feature with autofs to create a mount point on the local file system.
CVE-2018-12385: Potentially exploitable crash in TransportSecurityInfo used for SSL due to the data stored in the local cache.
Low Level Vulnerability
CVE-2018-12383: If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This could allow the exposure of stored password data outside of user expectations.
Also Read:
Cisco Released Security Updates & Fixed 37 Vulnerabilities that Affected Cisco Products
Mozilla Firefox Releases 62.0.3 & Security Updates for 2 High Critical Vulnerabilities
86 Vulnerabilities Fixed with Adobe Security Updates for Adobe Acrobat and Reader
