Lucene search

K
osvGoogleOSV:ALSA-2024:5392
HistoryAug 14, 2024 - 12:00 a.m.

Important: thunderbird security update

2024-08-1400:00:00
Google
osv.dev
8
mozilla thunderbird
security fix
embargoed
cve-2024-7518
cve-2024-7519
cve-2024-7520
cve-2024-7521
cve-2024-7522
cve-2024-7525
cve-2024-7526
cve-2024-7527
cve-2024-7528
cve-2024-7529
software

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

7.1

Confidence

High

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

  • EMBARGOED Thunderbird: 115.14/128.1 ()
  • mozilla: Fullscreen notification dialog can be obscured by document content (CVE-2024-7518)
  • mozilla: Out of bounds memory access in graphics shared memory handling (CVE-2024-7519)
  • mozilla: Type confusion in WebAssembly (CVE-2024-7520)
  • mozilla: Incomplete WebAssembly exception handing (CVE-2024-7521)
  • mozilla: Out of bounds read in editor component (CVE-2024-7522)
  • mozilla: Missing permission check when creating a StreamFilter (CVE-2024-7525)
  • mozilla: Uninitialized memory used by WebGL (CVE-2024-7526)
  • mozilla: Use-after-free in JavaScript garbage collection (CVE-2024-7527)
  • mozilla: Use-after-free in IndexedDB (CVE-2024-7528)
  • mozilla: Document content could partially obscure security prompts (CVE-2024-7529)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

7.1

Confidence

High