Lucene search

K
kasperskyKaspersky LabKLA11569
HistoryMar 19, 2019 - 12:00 a.m.

KLA11569 Multiple vulnerabilities in Mozilla Thunderbird

2019-03-1900:00:00
Kaspersky Lab
threats.kaspersky.com
44

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.205

Percentile

96.4%

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

  1. Unspecified vulnerability can be exploited to bypass security restrictions;
  2. Unspecified vulnerability can be exploited to execute arbitrary code;
  3. Type-confusion vulnerability can be exploited to cause denial of service;
  4. Use-after-free vulnerability can be exploited to cause denial of service;
  5. Unspecified vulnerability can be exploited to cause denial of service;
  6. Use-after-free vulnerability can be exploited to bypass security restrictions;

Original advisories

Advisory 2019-11

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Mozilla-Thunderbird

CVE list

CVE-2018-18506 warning

CVE-2019-9790 critical

CVE-2019-9791 critical

CVE-2019-9792 critical

CVE-2019-9793 warning

CVE-2019-9794 critical

CVE-2019-9795 critical

CVE-2019-9796 critical

CVE-2019-9801 warning

CVE-2019-9788 critical

Solution

Update to the latest version

Download Mozilla Thunderbird

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • Mozilla Thunderbird earlier than 60.6

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.205

Percentile

96.4%