Lucene search

Kaspersky LabKLA71400

HistoryAug 06, 2024 - 12:00 a.m.

KLA71400 Multiple vulnerabilities in Mozilla Thunderbird

2024-08-0600:00:00

Kaspersky Lab

threats.kaspersky.com

mozilla thunderbird

multiple vulnerabilities

denial of service

arbitrary code execution

sensitive information

security bypass

user interface spoofing

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

36.5%

JSON

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information, bypass security restrictions, spoof user interface.

Below is a complete list of vulnerabilities:

Out of bounds memory access vulnerability in graphics shared memory handling can be exploited to cause denial of service.
Use after free vulnerability in incomplete WebAssembly exception handing can be exploited to cause denial of service or execute arbitrary code.
Out of bounds read vulnerability in editor component can be exploited to cause denial of service.
Security vulnerability in web extension with StreamFilter can be exploited to obtain sensitive information, cause denial of service or execute arbitrary code.
Uninitialized memory vulnerability in ANGLE used by WebGL can be exploited to obtain sensitive information.
Use after free vulnerability in JavaScript garbage collection can be exploited to cause denial of service or execute arbitrary code.
Security UI vulnerability in the date picker can be exploited to spoof user interface and bypass security restrictions.

Original advisories

MFSA2024-38

Related products

Mozilla-Thunderbird

CVE list

CVE-2024-7529 unknown

CVE-2024-7519 unknown

CVE-2024-7521 unknown

CVE-2024-7525 unknown

CVE-2024-7522 unknown

CVE-2024-7526 unknown

CVE-2024-7527 unknown

Solution

Update to the latest version

Download Thunderbird

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.