Multiple Security Flaws Enlisted in Thunderbird 60.3- Patches Mozilla

Detection of multiple security flaws has been made by Mozilla in its Thunderbird 60.3 email client. The flaw list includes a disparaging security bug which has been alleged to have attacked Mozilla’s Firefox and Firefox ESR browsers.

A number of Mozilla products had been endangered

Mozilla had patched multiple security flaws in its recently launched Thunderbird 60.3. The community members and the developers of Mozilla had complained of the same and said that memory safety bugs are the ones to attack Thunderbird email client. Not only so, but it had also negatively affected Firefox and Firefox ESR. Mozilla has come forward to explain the bugs and it says:

“Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.”

Mozilla has, however, been successful at fixing Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3 which brings upon a huge sigh of relief but also keeps Mozilla at a constant awareness so that they can keep an eye on their dealings and advancements and whether they are being carried out smoothly or not.

Mozilla Releases solutions for other bug attacks

A slight vulnerability to the attacks of bugs are simply unwanted and a smooth fix for them is always welcome. Mozilla, thus, went on to discover some new bug fixes too, which may be kept handy to ward away the bugs for Thunderbird. Three kinds of perilous vulnerability are as follows as identified by the Mozilla team:

CVE-2018-12391: HTTP Live Stream audio data accessible cross-origin (affected Firefox for Android only). The bug could allow accessing audio data across origins during HTTP live stream playback on the Firefox browser for Android.
CVE-2018-12392: Crash with nested event loops. An attacker could trigger an exploitable crash by exploiting the bug.
CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript. This out-of-bounds writes vulnerability only affected 32-bit builds.

Keeping in mind, the conditions of the exploits, Mozilla explains:

“In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potential risks in a browser or browser-like contexts.”

Only about the last month, Mozilla had found out several security flaws within Mozilla’s email client Thunderbird. Mozilla was bound to release patches in 60.2.1 for this reason. Thunderbird 60.2, Firefox 61 and Firefox ESR 60.1 were highly affected. Regarding this, the flaws explained again by the Mozilla community is as follows:

“Mozilla developers and community members […] reported memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.”

A strong impact upon Firefox, then too was quite alarming and the explanatory note is worth the notice:

“If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations.”

Leave a Reply

Your email address will not be published. Required fields are marked *