USN-6015-1: Thunderbird vulnerabilities

USN-6015-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2023-1945, CVE-2023-29548,
CVE-2023-29550)

Paul Menzel discovered that Thunderbird did not properly validate OCSP
revocation status of recipient certificates when sending S/Mime encrypted
email. An attacker could potentially exploits this issue to perform
spoofing attack. (CVE-2023-0547)

Ribose RNP Team discovered that Thunderbird did not properly manage memory
when parsing certain OpenPGP messages. An attacker could potentially
exploits this issue to cause a denial of service. (CVE-2023-29479)

Irvan Kurniawan discovered that Thunderbird did not properly manage
fullscreen notifications using a combination of window.open, fullscreen
requests, window.name assignments, and setInterval calls. An attacker could
potentially exploit this issue to perform spoofing attacks.
(CVE-2023-29533)

Lukas Bernhard discovered that Thunderbird did not properly manage memory
when doing Garbage Collector compaction. An attacker could potentially
exploits this issue to cause a denial of service. (CVE-2023-29535)

Zx from qriousec discovered that Thunderbird did not properly validate the
address to free a pointer provided to the memory manager. An attacker could
potentially exploits this issue to cause a denial of service.
(CVE-2023-29536)

Trung Pham discovered that Thunderbird did not properly validate the
filename directive in the Content-Disposition header. An attacker could
possibly exploit this to perform reflected file download attacks
potentially tricking users to install malware. (CVE-2023-29539)

Ameen Basha M K discovered that Thunderbird did not properly validate
downloads of files ending in .desktop. An attacker could potentially
exploits this issue to execute arbitrary code. (CVE-2023-29541)
Source: USN-6015-1: Thunderbird vulnerabilities

About KENNETH 19694 Articles
지락문화예술공작단

Be the first to comment

Leave a Reply

Your email address will not be published.


*


이 사이트는 스팸을 줄이는 아키스밋을 사용합니다. 댓글이 어떻게 처리되는지 알아보십시오.