Mozilla Releases Critical Security Update For Thunderbird

Mozilla releases security updates for Thunderbird that fixes one critical vulnerability, two high-level vulnerabilities, and three medium level vulnerabilities.

Critical vulnerability

CVE-2018-12376: Memory corruption issue that may allow an attacker to run arbitrary code on the vulnerable machine. The Vulnerability has a critical impact.

High-level Vulnerability

CVE-2018-12378: Use-after-free vulnerability occur when deleting IndexedDB API while the JavaScript is using it, it may leads to a potentially exploitable crash.

CVE-2018-12377: Use-after-free vulnerability occurs when “refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use” and it results in a potentially exploitable crash.

Medium Vulnerability

CVE-2018-12379: Out-of-bounds write can be triggered when Mozilla Updater opens a MAR file format that contains a long file and it results in a potentially exploitable crash.

CVE-2017-16541: Proxy settingscan be bypassed using the automount feature with autofs to create a mount point on the local file system.

CVE-2018-12385: Potentially exploitable crash in TransportSecurityInfo used for SSL due to the data stored in the local cache.

Low Level Vulnerability

CVE-2018-12383: If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This could allow the exposure of stored password data outside of user expectations.

Also Read:

Cisco Released Security Updates & Fixed 37 Vulnerabilities that Affected Cisco Products

Mozilla Firefox Releases 62.0.3 & Security Updates for 2 High Critical Vulnerabilities

86 Vulnerabilities Fixed with Adobe Security Updates for Adobe Acrobat and Reader

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…

2 days ago

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…

3 days ago

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…

4 days ago

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…

4 days ago

Google Chrome Security, Critical Vulnerabilities Patched

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…

4 days ago

Notorious WrnRAT Delivered Mimic As Gambling Games

WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…

4 days ago