Mozilla patched dangerous buffer overflow bug in Thunderbird

Posted on Thursday, December 28 2017 @ 10:15 CET by Thomas De Maesschalck
If you use Mozilla's Thunderbird e-mail client, you need to upgrade to the latest version as soon as possible. The new 52.5.2 release fixes a critical buffer overflow vulnerability that could result in an exploitable crash, along with some other, less severe bugs.
The bug, rated critical by the Mozilla Foundation, is CVE-2017-7845, which is a buffer overflow vulnerability affecting only Windows users. "A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content," Mozilla said in its security advisory. "This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash."

Two of the bugs are rated "high" in severity. CVE-2017-7846 is a JavaScript vulnerability affecting Thunderbird's RSS reader. The second, CVE-2017-7847, is a CSS bug that could potentially allow an attacker to discover user data, such as a user name.
Via: Ars Technica

