Mozilla Thunderbird 52.7 Security Update: Buffer Overflow, OOB Write, Integer Overflow (CVE-2018-5127/5129/5144/5146)

Critical Vulnerability Information Vulnerability Overview Announcement Date: March 23, 2018 Product: Thunderbird Fixed Version: Thunderbird 52.7 Overall Impact: Critical Specific Vulnerability Details 1. CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList - Reporter: Nils - Impact: High - Description: A buffer overflow may occur when manipulating SVG animatedPathSegList via script, potentially leading to exploitable crashes. 2. CVE-2018-5129: Out-of-bounds write with malformed IPC messages - Reporter: James Grant - Impact: High - Description: IPC messages lack parameter validation, allowing out-of-bounds writes via malicious IPC messages, potentially enabling sandbox bypass through memory corruption in the parent process. 3. CVE-2018-5144: Integer overflow during Unicode conversion - Reporter: Root Object - Impact: Moderate - Description: An integer overflow may occur during text conversion to certain Unicode character sets due to unchecked length parameters. 4. CVE-2018-5146: Out of bounds memory write in libvorbis - Reporter: Richard Zhu via Trend Micro's Zero Day Initiative - Impact: Critical - Description: An out-of-bounds memory write occurred while processing Vorbis audio data, reported through the Pwn2Own competition. 5. CVE-2018-5125: Memory safety bugs fixed in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7 - Reporter: Mozilla developers and community - Impact: Critical - Description: Memory safety vulnerabilities reported in Firefox 58, Firefox ESR 52.6, and Thunderbird 52.6 by Mozilla developers and community members; some showed evidence of memory corruption and could be exploited to execute arbitrary code. 6. CVE-2018-5145: Memory safety bugs fixed in Firefox ESR 52.7 and Thunderbird 52.7 - Reporter: Mozilla developers and community - Impact: Critical - Description: Memory safety vulnerabilities reported in Firefox ESR 52.6 and Thunderbird 52.6 by Mozilla developers Jet Villegas and Randell Jesup; these showed evidence of memory corruption and could be exploited to execute arbitrary code.

Goal Reached Thanks to every supporter — we hit 100%!

Mozilla Thunderbird 52.7 Security Update: Buffer Overflow, OOB Write, Integer Overflow (CVE-2018-5127/5129/5144/5146)

More from this source