SB2018052103 - Multiple vulnerabilities in Mozilla Thunderbird 




Published: May 21, 2018 Updated: May 21, 2018

Security Bulletin ID: SB2018052103
Severity: High
Patch available: YES
Number of vulnerabilities: 13
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 46% Low 54%

Description

This security bulletin contains information about 13 security vulnerabilities.


1) Memory corruption (CVE-ID: CVE-2018-5183)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to multiple memory corruptions in the Skia library. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruptions and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.


2) Information disclosure (CVE-ID: CVE-2018-5184)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can use remote content in encrypted messages and disclose plaintext.

3) Use-after-free error (CVE-ID: CVE-2018-5154)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error while enumerating attributes during SVG animations with clip paths. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

4) Use-after-free error (CVE-ID: CVE-2018-5155)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error while adjusting layout during SVG animations with text paths. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

5) Memory corruption (CVE-ID: CVE-2018-5159)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an integer overflow in the Skia library, where a 32-bit integer is used in an array without integer overflow checks. A remote attacker can trick the victim into visiting a specially crafted website, trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

6) Improper input validation (CVE-ID: CVE-2018-5161)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can use specially crafted message headers and cause a Thunderbird process to hang on receiving the message.


7) Information disclosure (CVE-ID: CVE-2018-5162)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can use the src attribute of remote images or links and disclose plaintext of decrypted emails.

8) Spoofing attack (CVE-ID: CVE-2018-5170)

The disclosed vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can use external attachments, spoof the filename of an attachment and display an arbitrary attachment name.


9) Security restrictions bypass (CVE-ID: CVE-2018-5168)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper privileges or access controls. A remote attacker can manipulate the baseURI property of the theme element, bypass security restrictions and cause lightweight themes, which could contain offensive or embarrassing images, to be installed without user interaction.

10) Security restrictions bypass (CVE-ID: CVE-2018-5174)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists because the Windows Defender SmartScreen UI runs with less secure behavior for downloaded files. A remote attacker can bypass security restrictions and perform further attacks.


11) Buffer overflow (CVE-ID: CVE-2018-5178)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to improper bounds checking during UTF8 to Unicode string conversion. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.


12) Information disclosure (CVE-ID: CVE-2018-5185)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can submit a specially crafted HTML form and disclose plaintext of decrypted emails.
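
Items 2, 7 and 12 all involve remote content (image or link `src`, HTML forms) in decrypted messages. The following is an added example, not Thunderbird code and not part of the bulletin: a triage check that lists remote references in a decrypted HTML body before it is rendered. The tag/attribute table, the list of local schemes and the sample message are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag attributes that can make a mail client contact a remote host: on render
# (img src), on click (a href) or on submit (form action / formaction).
URL_ATTRS = {
    "img": ("src",), "a": ("href",), "form": ("action",), "link": ("href",),
    "iframe": ("src",), "input": ("src", "formaction"), "button": ("formaction",),
}
# Schemes that resolve inside the message itself (assumption of this example).
LOCAL_SCHEMES = {"", "cid", "data", "mailto"}


class RemoteRefFinder(HTMLParser):
    """Collect (tag, attribute, url) triples that point outside the message."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS.get(tag, ()) or not value:
                continue
            # Drop spaces and control characters that URL parsers ignore.
            url = "".join(ch for ch in value if ch > " ")
            try:
                parts = urlsplit(url)
                remote = parts.scheme.lower() not in LOCAL_SCHEMES or bool(parts.netloc)
            except ValueError:
                remote = True  # unparseable URL: fail closed
            if remote:
                self.findings.append((tag, name, url))


def remote_references(html_body):
    """Return every remote reference found in a decrypted HTML body."""
    finder = RemoteRefFinder()
    finder.feed(html_body)
    finder.close()
    return finder.findings


# Constructed sample body; the hosts are placeholders, not from the bulletin.
SAMPLE = """<html><body><p>Quarterly figures attached.</p>
<img src="cid:logo@local"><img SRC="HTTP://tracker.example.invalid/p.png">
<a href="https://portal.example.invalid/login">portal</a> <a href="#top">top</a>
<form action="//forms.example.invalid/submit"><input type="text" name="q"></form>
</body></html>"""

if __name__ == "__main__":
    for tag, attr, url in remote_references(SAMPLE):
        print(f"remote reference: <{tag} {attr}> -> {url}")
```

A body with an empty result has no remote references in the attributes this example checks; any finding is a reason to keep remote content blocked for that message.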

13) Buffer overflow (CVE-ID: CVE-2018-5150)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install the update from the vendor's website.