News Vulnerabilities in Thunderbitd 60.3 Patched by Mozilla. - Printable Version +- Red Security (https://redsecurity.info/cc) +-- Forum: General (https://redsecurity.info/cc/forumdisplay.php?fid=1) +--- Forum: News (https://redsecurity.info/cc/forumdisplay.php?fid=4) +--- Thread: News Vulnerabilities in Thunderbitd 60.3 Patched by Mozilla. (/showthread.php?tid=829)

Vulnerabilities in Thunderbitd 60.3 Patched by Mozilla. - Mad-Architect - 11-05-2018    Thunderbird, an email client used by Mozilla Firefox, just recently had a host of vulnerabilities patched in its 60.3 version. These were memory safety bugs that affected Thunderbird, Firefox, and Firefox ESR. Mozilla had this to say, regarding the bugs:   "Some of the bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code."      Mozilla has fixed all of the bugs in Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3 respectively.     There were other flaws that were discovered:   CVE-2018-12391   CVE-2018-12392   CVE-2018-12393        In short, Mozilla had this to say:   "In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts."       Alright, that was news folks, enjoy and have a good week.   -----Sh7nk-Z0id