Mozilla has rolled out the latest release of its Thunderbird email client with numerous security fixes. This month's update carries the most significant number of security fixes among all earlier Thunderbird releases in 2019. Reportedly, Thunderbird 60.7 brings patches for 16 different security flaws across a range of severities.
High-Severity Patches With Thunderbird 60.7
This week, Mozilla released Thunderbird 60.7 to users. This version addresses 13 different high-severity flaws. Among these, a timing attack vulnerability (CVE-2019-9815) could affect Mac users in particular. To get the patch for it, users must ensure they upgrade to macOS 10.14.5. Another vulnerability (CVE-2019-11693) could specifically target Linux users, as a buffer overflow could affect the bufferdata function in WebGL.
The latest Thunderbird also fixed 5 use-after-free flaws in various components, a type confusion vulnerability demonstrated with UnboxedObjects (CVE-2019-9816), and numerous others. It also patched a set of critical memory safety bugs (CVE-2019-9800) that also affected the Firefox 66 and Firefox ESR 60.6 browsers. These vulnerabilities could allow arbitrary code execution when triggered.
Other Security Fixes
Apart from the high-severity bugs, Mozilla also patched some moderate-severity flaws in Thunderbird. These include a memory leak in the Windows sandbox (CVE-2019-11694) affecting Windows users only, a flaw allowing theft of browsing history (CVE-2019-11698), and an out-of-bounds read vulnerability in the Skia library (CVE-2019-5798).
As stated in their advisory, exploiting any of the flaws via email was not possible because scripting is disabled.
In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.
Nevertheless, users must ensure they update to the latest version to prevent potential attacks.
Alongside Thunderbird, Mozilla has also released updated versions of its browsers, Firefox 67 and Firefox ESR 60.7. These versions also carry fixes for numerous security bugs, including critical memory leakage flaws.