The bug, rated critical by the Mozilla Foundation, is CVE-2017-7845, which is a buffer overflow vulnerability affecting only Windows users. "A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content," Mozilla said in its security advisory. "This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash."Via: ARS Technica
Two of the bugs are rated "high" in severity. CVE-2017-7846 is a JavaScript exploit affecting Thunderbird's RSS reader capabilities. The second, CVE-2017-7847, is a CSS bug that could potentially allow an attacker to discover user data, like a user name.
Mozilla patched dangerous buffer overflow bug in Thunderbird
Posted on Thursday, December 28 2017 @ 10:15 CET by Thomas De Maesschalck