Updated thunderbird packages fix security vulnerabilities

Multiple vulnerabilities have been fixed in thunderbird. JavaScript Execution via RSS in mailbox:// origin CVE-2017-7846. Local path string can be leaked from RSS feed CVE-2017-7847. RSS Feed vulnerable to new line Injection CVE-2017-7848. Mailsploit From address with encoded null character is cu...

Mozilla Thunderbird Security Advisories (MFSA2017-30, MFSA2017-30) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

FreeBSD : mozilla -- multiple vulnerabilities (6a09c80e-6ec7-442a-bc65-d72ce69fd887)

Mozilla Foundation reports : CVE-2017-7845: Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9 CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin CVE-2017-7847: Local path string can be leaked from RSS feed CVE-2017-7848: RSS Feed vulnerable to...

Security fix for the ALT Linux 10 package thunderbird version 52.5.2-alt1

Dec. 25, 2017 Andrey Cherepanov 52.5.2-alt1 - New version 52.5.2 - Enigmail 1.9.9 - Fixes: + CVE-2017-7846 JavaScript Execution via RSS in mailbox:// origin + CVE-2017-7847 Local path string can be leaked from RSS feed + CVE-2017-7848 RSS Feed vulnerable to new line Injection + CVE-2017-7829...

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2017-7845: Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9 CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin CVE-2017-7847: Local path string can be leaked from RSS feed CVE-2017-7848: RSS Feed vulnerable to...

Mailsploit vulnerability exists in email address resolution

TL;DR: Mailsploit is a collection of bugs in email clients that allow effective sender spoofing and code injection attacks. The spoofing is not detected by Mail Transfer Agents MTA aka email servers, therefore circumventing spoofing protection mechanisms such as DMARC DKIM/SPF or spam filters. Bu...

Internet Bug Bounty: Mailsploit: a sender spoofing bug in over 30 email clients

Mailsploit is a collection of bugs in email clients that allow effective sender spoofing and code injection attacks. The spoofing is not detected by Mail Transfer Agents MTA aka email servers, therefore circumventing spoofing protection mechanisms such as DMARC DKIM/SPF or spam filters. Bugs were...

MailSploit — Email Spoofing Flaw Affects Over 30 Popular Email Clients

If you receive an email that looks like it's from one of your friends, just beware! It's possible that the email has been sent by someone else in an attempt to compromise your system. A security researcher has discovered a collection of vulnerabilities in more than 30 popular email client...