It hasn't been long since Mozilla last released updates for its Thunderbird email client, yet once again they have had to add security fixes to the program. They have now rolled out Thunderbird 60.7.1, containing patches for four different vulnerabilities.
Multiple High-Severity Security Fixes
This week, Mozilla rolled out an updated version of its email client, Thunderbird 60.7.1, which reportedly carries patches for numerous high-severity bugs.
As revealed via Mozilla's security advisory, the updated Thunderbird version addresses three different vulnerabilities with a high-severity rating. All these vulnerabilities existed in Thunderbird's implementation of iCal while processing some emails, and any of these bugs could lead to a potentially exploitable crash.
Precisely, these vulnerabilities include a heap buffer overflow in icalparser.c (CVE-2019-11703), another heap buffer overflow in icalvalue.c (CVE-2019-11704), and a stack buffer overflow in icalrecur.c (CVE-2019-11705).
Single Low-Severity Bug Fix With Thunderbird 60.7.1
In addition to the above-mentioned high-severity vulnerabilities, the updated Thunderbird client also addresses a low-severity bug. This flaw also existed in the implementation of iCal when processing certain emails. This type confusion bug in icalproperty.c (CVE-2019-11706) could result in a system crash upon exploitation.
All four vulnerabilities have received fixes in Thunderbird version 60.7.1. The researcher Luis Merino of X41 D-Sec reported these flaws, which Mozilla then went on to fix.
Unlike the usual trend for Thunderbird bugs, which could not be exploited in the Thunderbird client, these vulnerabilities were potentially exploitable as they involved email processing. Therefore, users must ensure they update their systems promptly to the patched versions to stay protected from potential exploits.
Around a week before the Thunderbird update, Mozilla also fixed a moderate-severity bug affecting the Firefox browser. As disclosed in its advisory, the vulnerability (CVE-2019-11702) allowed using Internet Explorer protocols to open local files at a known location. This vulnerability typically affected Windows users only, leaving users of other operating systems unaffected. The vendors rolled out the fix for this bug with the release of Firefox version 67.0.2.