HackerSecret.com - The Most Authoritative Site in the World on the Hacking Tools and Techniques, Penetration Testing and CyberSecurity

  • Home
  • Visit Our Shop
  • Download the free App
  • Contact us for Info
VISIT OUR SHOP! CLICK HERE !

Mozilla addressed flaws in Thunderbird that allow code execution

by / Friday, 14 June 2019 / Published in Hacking
Share
Tweet
Pin
0 Shares

Mozilla released security updates for the Thunderbird email client that address vulnerabilities that could allow code execution on impacted systems. 

Mozilla released security updates for the Thunderbird email client that address vulnerabilities that could be exploited by attackers to execute arbitrary code on impacted systems. 

Mozilla released Thunderbird version 60.7.1 that addresses three High severity vulnerabilities and one Low risk issue. 

The three High severity vulnerabilities addressed by Mozilla are:

  • CVE-2019-11703 – heap buffer overflow in the function icalparser.c;
  • CVE-2019-11704 – heap buffer overflow in the function icalvalue.c;
  • CVE-2019-11705 – stack buffer overflow in the function calrecur.c; 

The Low risk issue, tracked as CVE-2019-11706, is a type confusion in icalproperty.c. 

“Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system.” reads the advisory published by the US-CERT.

“The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60.7.1 and apply the necessary update.” 

The vulnerabilities affect all the Thunderbird versions prior to 60.7.1.  

Depending on the user’s privileges, an attacker could carry out several malicious activities, such as installing malicious applications and creating new admin accounts. 

Mozilla credited the researcher Luis Merino of X41 D-Sec for the discovery of the above flaws. The vulnerabilities affect the implementation of iCal functions, they could be used to cause a crash of the system when processing specially crafted email messages.

The expert pointed out that the flaws cannot be triggered via email in Thunderbird because the scripting is disabled when reading mail. The issue could be exploitable in browser or browser-like contexts.

The good news is Mozilla is not aware of any attack exploiting the flaws in the wild.

Pierluigi Paganini

(SecurityAffairs – Thunderbird, hacking)

The post Mozilla addressed flaws in Thunderbird that allow code execution appeared first on Security Affairs.

Security Affairs

Share
Tweet
Pin
0 Shares
Tagged under: addressed, allow, Code, Execution, flaws, Mozilla, Thunderbird

Search on the site

Our customers say

Annabel M. – Systems Engineer

 
Samuel D. – Ethical Hacker

 
Karola M. – Influencer

 
Marcus P. – Private Investigator

 
Rosemary S. – Housewife

 
Amit V. – IT Consultant

 
Matthew C. – Entrepreneur

 
Aisha B. – Computer Science student

 
Li W. – IT Analyst

 
Robert C. – Programmer

 

Click here now to visit our Shop!

Click here now to visit our Shop!

Other 2300 users like you have already done it this year!

DOWNLOADED 1316 TIMES!

DOWNLOADED 1316 TIMES!

Download now Hacker Secret our free Android app.

CONTACT US NOW FOR IMMEDIATE SUPPORT!

Contact Us
Write your email address here
Write here how we can help you - we support you immediately for all your needs!

Latest posts

  • How to tell if someone is stealing your wifi

  • How to check saved passwords on Chrome

  • The Computer Security Day

  • What is digital forensics

  • How to install Metasploit in Termux?

## Are you looking for products for hacking, computer security and penetration testing? Do you need to clean up your smartphone, your PC or your site from viruses and malware? Do you need to track down someone or retrieve urgent information? Do you want to buy devices already configured to experiment all the hacking techniques quickly and easily? Do you have special needs in software or hardware? ##

Contact us now … another 2300 users like you have already done it this year!

Click here now!

 

All the techniques, products and services described or contained on this site are intendend for exclusive use of study and professional training and to test the security of own's computer network in accordance with the national legislations on access to computer and online systems. All the services provided on this site (penetration testing, social accounts hardening, Incident Response & CSIRT, MSSP, Cybersecurity Consultancy, etc.) can be provided only with prior written and documented authorization from the owners or their legitimate representatives in accordance with current national regulations .

TOP
New Order