Mozilla has rolled out a critical security update for the Thunderbird email client that fixes five vulnerabilities. All of the reported vulnerabilities are fixed in the Thunderbird 52.5.2 update. Thunderbird users are advised to update to the latest available version for security reasons. According to US-CERT, “A remote attacker could exploit some of these vulnerabilities to take control of an affected system”.

Mozilla Thunderbird update available to fix vulnerabilities

The critical vulnerability in Thunderbird is a buffer overflow (CVE-2017-7845) that affects only Windows rather than all operating systems. According to the Mozilla Security Advisory, “A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash.” This critical bug was detected by Omair and reported to Mozilla so that a patch could be made available quickly.

The next two vulnerabilities (CVE-2017-7846 and CVE-2017-7847) are rated high. The first can cause JavaScript in a parsed RSS feed to be executed when you access the content. The second could leak a local path string from an RSS feed, and that string may include user information. These high-rated vulnerabilities were found by Cure53.

Another vulnerability (CVE-2017-7848) in Thunderbird is also related to RSS feeds. Mozilla stated that, due to this bug, “RSS fields can inject new lines into the created email structure, modifying the message body.” The final vulnerability, which affects emails, is rated low.
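The newline injection quoted above for CVE-2017-7848 can be shown with a generic feed-to-email conversion. This is an added sketch, not Thunderbird's code or anything from the Mozilla advisory; every function name, field name and the sample feed item are hypothetical and constructed for illustration.

```javascript
// Added illustration: not Thunderbird code. All names here are hypothetical.

// Naive conversion: RSS fields are pasted straight into header lines.
function buildMessageNaive(item) {
  return [
    `From: ${item.author}`,
    `Subject: ${item.title}`,
    "Content-Type: text/plain; charset=UTF-8",
    "",
    item.description,
  ].join("\r\n");
}

// A header value must stay on one line: collapse CR/LF runs to a space
// and drop any remaining control characters before building the message.
function sanitizeHeaderValue(value) {
  return String(value)
    .replace(/[\r\n]+/g, " ")
    .replace(/[\x00-\x1f\x7f]/g, "")
    .trim();
}

// Hardened conversion: same structure, but header fields are sanitized first.
function buildMessageSafe(item) {
  return buildMessageNaive({
    author: sanitizeHeaderValue(item.author),
    title: sanitizeHeaderValue(item.title),
    description: item.description,
  });
}

// Split a message the way a mail parser does: headers end at the first empty line.
function splitMessage(raw) {
  const idx = raw.indexOf("\r\n\r\n");
  const head = idx === -1 ? raw : raw.slice(0, idx);
  const body = idx === -1 ? "" : raw.slice(idx + 4);
  return { headers: head.split("\r\n"), body };
}

// Constructed feed item: the title field carries an embedded blank line.
const constructedItem = {
  author: "feed@example.invalid",
  title: "Weekly digest\r\n\r\nText supplied by the feed title",
  description: "Real article summary.",
};

function demo() {
  return {
    naive: splitMessage(buildMessageNaive(constructedItem)),
    safe: splitMessage(buildMessageSafe(constructedItem)),
  };
}
```

In the naive result the header block ends after the Subject line and the remaining header becomes part of the body; in the sanitized result all three headers survive and the body is only the feed description.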

Users running Thunderbird 52 should apply the patch to keep their systems safe and to get better performance.

