Mozilla has rolled out a critical security update for the Thunderbird email client that fixes five vulnerabilities. All of the reported vulnerabilities are fixed in the Thunderbird 52.5.2 update. Thunderbird users are advised to update to the latest available version for security reasons. According to US-CERT, “A remote attacker could exploit some of these vulnerabilities to take control of an affected system”.
The critical vulnerability found in Thunderbird is a buffer overflow (CVE-2017-7845) that impacts only Windows operating systems rather than all operating systems. As per the Mozilla Security Advisory, “A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash.” This critical Thunderbird bug was detected by Omair and then reported to Mozilla so that a patch could be made available quickly.
Another Thunderbird vulnerability (CVE-2017-7848) is also related to RSS feeds. Due to this bug, “RSS fields can inject new lines into the created email structure, modifying the message body,” Mozilla stated. The final vulnerability, which impacts emails, is rated low.
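The newline injection Mozilla describes for CVE-2017-7848 can be shown with a generic sketch of a feed-to-email converter. This is an added illustration, not Thunderbird's code: the function names and the sample feed item are hypothetical and constructed for the example.

```javascript
// Added illustration; not Thunderbird's implementation. All names are hypothetical.
const CRLF = "\r\n";

// Weak form: feed fields are copied into the header block unchanged.
function buildMessageNaive(item) {
  return [
    `From: ${item.author}`,
    `Subject: ${item.title}`,
    "Content-Type: text/html; charset=UTF-8",
    "",
    item.body,
  ].join(CRLF);
}

// Hardened form: line breaks in header-bound fields are collapsed to a space
// and remaining control characters are dropped before the field is used.
function sanitizeHeaderValue(value) {
  return String(value)
    .replace(/[\r\n\u0085\u2028\u2029]+/g, " ")
    .replace(/[\x00-\x1f\x7f]/g, "")
    .trim();
}

function buildMessageSafe(item) {
  return buildMessageNaive({
    author: sanitizeHeaderValue(item.author),
    title: sanitizeHeaderValue(item.title),
    body: item.body,
  });
}

// Minimal view of how a mail parser splits a message: the first blank
// line ends the headers, everything after it is the body.
function parseMessage(raw) {
  const idx = raw.indexOf(CRLF + CRLF);
  return { headers: raw.slice(0, idx).split(CRLF), body: raw.slice(idx + 4) };
}

// Constructed sample feed item whose title carries an embedded blank line.
const sampleItem = {
  author: "feed@example.org",
  title: "Weekly update\r\n\r\nText supplied by the feed title",
  body: "<p>Real article text</p>",
};

const naive = parseMessage(buildMessageNaive(sampleItem));
const safe = parseMessage(buildMessageSafe(sampleItem));
console.log("naive headers:", naive.headers.length, "| body starts:", naive.body.slice(0, 31));
console.log("safe headers: ", safe.headers.length, "| body:", safe.body);
```

In the weak form the title ends the header block early, so the Content-Type header is lost and the title's text becomes the start of the message body; in the hardened form all three headers survive and the body is only the article text.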
Users running Thunderbird 52 should apply the patch to keep their systems safe and experience better performance.