Kaspersky LabKLA11560KLA11560 Multiple vulnerabilities in Mozilla Thunderbird
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.1 High
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
83.0%
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, perform cross-site scripting attack.
Below is a complete list of vulnerabilities:
- Unspecified vulnerability can be exploited via side-channel attack to bypass security restrictions;
- Use-after-free vulnerability can be exploited via deleting an IndexedDB key to cause denial of service;
- Multiple memory corruption vulnerabilities can be exploited to execute arbitrary code.
- Unspecified vulnerability can be exploited via HTML tags parsing to perform cross-site scripting attack;
- Unspecified vulnerability can be exploited via crafted multipart/alternative message to bypass security restrictions;
- Unspecified vulnerability can be exploited via same-origin policy violation to bypass security restrictions;
- Use-after-free vulnerability can be exploited via manipulating video to cause denial of service;
Original advisories
Mozilla Foundation Security Advisory 2019-30
Related products
CVE list
CVE-2019-11752 critical
CVE-2019-11746 high
CVE-2019-11742 warning
CVE-2019-11740 high
CVE-2019-11744 warning
CVE-2019-11743 warning
CVE-2019-11739 warning
Solution
Update to the latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
- XSS/CSS
Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between user and site.
Affected Products
- Mozilla Thunderbird earlier than 68.1
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.1 High
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
83.0%