Lucene search

K
kasperskyKaspersky LabKLA51268
HistoryJul 20, 2023 - 12:00 a.m.

KLA51268 Multiple vulnerabilities in Mozilla Thunderbird

2023-07-2000:00:00
Kaspersky Lab
threats.kaspersky.com
11
mozilla thunderbird
vulnerabilities
arbitrary code
denial of service
update
mfsa2023-27
ace
cve-2023-3600
cve-2023-3417

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.3%

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

  1. Override character vulnerability in File Extension can be exploited to execute arbitrary code.
  2. Use after free vulnerability in workers can be exploited to execute arbitrary code or cause denial of service.

Original advisories

MFSA2023-27

Related products

Mozilla-Thunderbird

CVE list

CVE-2023-3600 critical

CVE-2023-3417 critical

Solution

Update to the latest version

Download Thunderbird

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • Mozilla Thunderbird earlier than 115.0.1

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.3%