Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA70479
HistoryJul 15, 2024 - 12:00 a.m.

KLA70479 Multiple vulnerabilities in Mozilla Thunderbird

2024-07-1500:00:00
Kaspersky Lab
threats.kaspersky.com
6
mozilla thunderbird
vulnerabilities
arbitrary code execution
security bypass
privilege escalation
obtain sensitive information
cross-site scripting
spoof user interface
denial of service

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

JSON

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, perform cross-site scripting attack, bypass security restrictions, spoof user interface, gain privileges, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. Memory corruption vulnerability in NSS can be exploited to execute arbitrary code.
  2. Memory safety vulnerability can be exploited to execute arbitrary code.
  3. Memory corruption vulnerability in thread creation can be exploited to execute arbitrary code.
  4. An elevation of privilege vulnerability in permission assignment can be exploited remotely to gain privileges.
  5. Type confusion vulnerabilityΒ in the ECMA-262 specification relating to Async Generators can be exploited to cause denial of service.

Original advisories

MFSA2024-31

Related products

Mozilla-Thunderbird

CVE list

CVE-2024-6602 warning

CVE-2024-6604 warning

CVE-2024-6603 warning

CVE-2024-6601 warning

CVE-2024-6600 warning

CVE-2024-7652 warning

Solution

Update to the latest version

Download Thunderbird

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

  • XSS/CSS

Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between user and site.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

  • Mozilla Thunderbird earlier than 115.13

Related

kaspersky 3
mozilla 4
openvas 19
nessus 53
slackware 2
redos 3
osv 28
ubuntu 2
mageia 2
redhat 17
rocky 3
almalinux 4
oraclelinux 4
cvelist 7
redhatcve 6
debiancve 6
ubuntucve 5
nvd 7
alpinelinux 4
wolfi 5
vulnrichment 7
cve 7
freebsd 1
kaspersky
kaspersky
KLA70405 Multiple vulnerabilities in Mozilla Firefox ESR
2024-07-09 00:00:00
KLA70478 Multiple vulnerabilities in Mozilla Thunderbird
2024-07-11 00:00:00
KLA70406 Multiple vulnerabilities in Mozilla Firefox
2024-07-09 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 115.13 β€” Mozilla
2024-07-09 00:00:00
Security Vulnerabilities fixed in Thunderbird 115.13 β€” Mozilla
2024-07-15 00:00:00
Security Vulnerabilities fixed in Thunderbird 128 β€” Mozilla
2024-07-11 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5733-1)
2024-07-19 00:00:00
Debian: Security Advisory (DSA-5727-1)
2024-07-11 00:00:00
Ubuntu: Security Advisory (USN-6903-1)
2024-07-22 00:00:00
nessus
nessus
Ubuntu 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-6903-1)
2024-07-22 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2024:2790-1)
2024-08-07 00:00:00
Fedora 40 : thunderbird (2024-a26a9c2150)
2024-07-22 00:00:00
slackware
slackware
[slackware-security] mozilla-thunderbird
2024-07-23 19:09:25
[slackware-security] mozilla-firefox
2024-07-10 17:52:20
redos
redos
ROS-20240920-11
2024-09-20 00:00:00
ROS-20240902-11
2024-09-02 00:00:00
ROS-20240909-01
2024-09-09 00:00:00
osv
osv
thunderbird vulnerabilities
2024-07-22 02:59:38
firefox-esr - security update
2024-07-10 00:00:00
thunderbird - security update
2024-07-18 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2024-07-22 00:00:00
Firefox vulnerabilities
2024-07-10 00:00:00
mageia
mageia
Updated nss & firefox packages fix security vulnerabilities
2024-07-16 06:21:38
Updated thunderbird packages fix security vulnerabilities
2024-07-21 05:28:06
redhat
redhat
(RHSA-2024:4625) Important: thunderbird security update
2024-07-18 13:16:50
(RHSA-2024:4894) Important: thunderbird security update
2024-07-29 00:58:33
(RHSA-2024:4718) Important: thunderbird security update
2024-07-23 08:05:48
rocky
rocky
firefox security update
2024-07-15 12:18:45
thunderbird security update
2024-07-26 12:33:59
thunderbird security update
2024-07-26 12:33:00
almalinux
almalinux
Important: thunderbird security update
2024-07-18 00:00:00
Important: thunderbird security update
2024-07-18 00:00:00
Important: firefox security update
2024-07-11 00:00:00
oraclelinux
oraclelinux
firefox security update
2024-07-11 00:00:00
firefox security update
2024-07-11 00:00:00
thunderbird security update
2024-07-18 00:00:00
cvelist
cvelist
CVE-2024-6602
2024-07-09 14:25:57
CVE-2024-6604
2024-07-09 14:25:57
CVE-2024-6603
2024-07-09 14:25:57
redhatcve
redhatcve
CVE-2024-6602
2024-07-09 21:50:12
CVE-2024-6604
2024-07-09 21:50:21
CVE-2024-7652
2024-09-06 21:41:00
debiancve
debiancve
CVE-2024-6602
2024-07-09 15:15:12
CVE-2024-6604
2024-07-09 15:15:12
CVE-2024-6603
2024-07-09 15:15:12
ubuntucve
ubuntucve
CVE-2024-6602
2024-07-10 00:00:00
CVE-2024-6603
2024-07-10 00:00:00
CVE-2024-6604
2024-07-10 00:00:00
nvd
nvd
CVE-2024-6604
2024-07-09 15:15:12
CVE-2024-6602
2024-07-09 15:15:12
CVE-2024-6603
2024-07-09 15:15:12
alpinelinux
alpinelinux
CVE-2024-6602
2024-07-09 15:15:12
CVE-2024-6604
2024-07-09 15:15:12
CVE-2024-6603
2024-07-09 15:15:12
wolfi
wolfi
CVE-2024-6602 vulnerabilities
2024-09-18 21:11:55
CVE-2024-6600 vulnerabilities
2024-09-18 21:11:55
CVE-2024-6604 vulnerabilities
2024-09-18 21:11:55
vulnrichment
vulnrichment
CVE-2024-6602
2024-07-09 14:25:57
CVE-2024-6603
2024-07-09 14:25:57
CVE-2024-6604
2024-07-09 14:25:57
cve
cve
CVE-2024-6602
2024-07-09 15:15:12
CVE-2024-6604
2024-07-09 15:15:12
CVE-2024-6603
2024-07-09 15:15:12
freebsd
freebsd
firefox -- Potential memory corruption and exploitable crash
2024-09-06 00:00:00

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

JSON
Related for KLA70479
kaspersky3mozilla4openvas19nessus53slackware2redos3osv28ubuntu2mageia2redhat17rocky3almalinux4oraclelinux4cvelist7redhatcve6debiancve6ubuntucve5nvd7alpinelinux4wolfi5vulnrichment7cve7freebsd1