Lucene search

Kaspersky LabKLA65226

HistoryMar 19, 2024 - 12:00 a.m.

KLA65226 Multiple vulnerabilities in Mozilla Thunderbird

2024-03-1900:00:00

Kaspersky Lab

threats.kaspersky.com

malicious exploitation

denial of service

arbitrary code execution

sensitive information

security restrictions

privileges

software update

mozilla thunderbird

vulnerability

ace impact

cve-2024-0743

cve-2023-5388

cve-2024-2612

cve-2024-2605

cve-2024-2608

cve-2024-2607

cve-2024-2614

cve-2024-2611

cve-2024-2610

cve-2024-2616

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.1%

JSON

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information, bypass security restrictions, gain privileges.

Below is a complete list of vulnerabilities:

Out of memory conditions vulnerability in ICU can be exploited to cause denial of service.
Use after free vulnerability in SafeRefPtr can be exploited to cause denial of service or execute arbitrary code.
Remote code execution vulnerability in Windows Error Reporter can be exploited remotely to execute arbitrary code.
Information disclosure vulnerability in NSS can be exploited to obtain sensitive information.
Integer overflow vulnerability can be exploited to cause denial of service.
Remote code execution vulnerability can be exploited remotely to execute arbitrary code.
Memory safety vulnerability can be exploited to execute arbitrary code.
Denial of service vulnerability in NSS TLS method can be exploited to cause denial of service.
Clickjacking permission prompts vulnerability can be exploited remotely to gain privileges.
Security vulnerability in composition area can be exploited to bypass security restrictions.

Original advisories

MFSA2024-14

Related products

Mozilla-Thunderbird

CVE list

CVE-2024-0743 critical

CVE-2023-5388 warning

CVE-2024-2612 warning

CVE-2024-2605 warning

CVE-2024-2608 warning

CVE-2024-2607 warning

CVE-2024-2614 warning

CVE-2024-2611 warning

CVE-2024-2610 warning

CVE-2024-2616 warning

Solution

Update to the latest version

Download Thunderbird

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.