Kaspersky LabKLA48840KLA48840 Multiple vulnerabilities in Mozilla Thunderbird
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
69.9%
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, execute arbitrary code, obtain sensitive information, bypass security restrictions.
Below is a complete list of vulnerabilities:
- Security UI vulnerability in Fullscreen notification can be exploited to spoof user interface.
- Out of bounds vulnerability in WebGL on macOS can be exploited to cause denial of service.
- Remote code execution vulnerability in Maintenance Service can be exploited remotely to execute arbitrary code.
- Memory corruption vulnerability in Garbage Collection compaction can be exploited remotely to cause denial of service or execute arbitrary code.
- Invalid free pointer in the memory manager can be remotely exploited to cause a denial of service or the execution of arbitrary code.
- Information disclosure vulnerability in Save As dialog on Windows can be exploited to obtain sensitive information.
- Security vulnerability in the ARM64 Ion compiler can be exploited to bypass security restrictions.
- Security vulnerability can be exploited to bypass security restrictions.
- Remote code execution vulnerability can be exploited remotely to execute arbitrary code.
- Memory safety vulnerability can be exploited to execute arbitrary code.
- Information disclosure vulnerability in can be exploited to obtain sensitive information.
- Denial of service vulnerability in Ribose RNP library can be exploited to cause denial of service.
- Memory corruption vulnerability in Safe Browsing can be exploited remotely to cause denial of service or execute arbitrary code.
- Double-free memory address vulnerability in libwebp can be exploited remotely to cause denial of service or execute arbitrary code.
Original advisories
Related products
CVE list
CVE-2023-29533 warning
CVE-2023-29531 critical
CVE-2023-29532 high
CVE-2023-29535 high
CVE-2023-29536 critical
CVE-2023-29545 high
CVE-2023-29548 high
CVE-2023-29541 critical
CVE-2023-29542 critical
CVE-2023-29539 critical
CVE-2023-29550 critical
CVE-2023-0547 high
CVE-2023-29479 high
CVE-2023-1945 high
CVE-2023-1999 critical
Solution
Update to the latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
- XSS/CSS
Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between user and site.
- SUI
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
Affected Products
- Mozilla Thunderbird earlier than 102.10
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
69.9%