The Mozilla Foundation has released the latest version of its Thunderbird email client, fixing 14 security vulnerabilities, including five critical ones, three of which can result in a potentially exploitable crash.
The first of the three crash bugs is CVE-2018-12359, a buffer overflow condition that, according to a 6 August Mozilla security advisory, is triggered when “rendering canvas content while adjusting the height and width of the <canvas> element dynamically, causing data to be written outside of the currently computed boundaries.”
Another is CVE-2018-12360, a use-after-free flaw that surfaces when “deleting an input element during a mutation event handler triggered by focusing that element.” And the third is CVE-2018-12361, an integer overflow in SwizzleData code that occurs when calculating buffer sizes. “The overflowed value is used for subsequent graphics computations when their inputs are not sanitised,” the advisory explains.
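The integer overflow class described for CVE-2018-12361 can be illustrated with a pixel-buffer size calculation. This is an added example, not Mozilla's SwizzleData code: the function names, the 32-bit size type and the sample dimensions are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical "before": 32-bit multiplication wraps silently, so a huge
 * image can yield a small size that later computations trust. */
static uint32_t pixel_buffer_size_unchecked(uint32_t width, uint32_t height,
                                            uint32_t bytes_per_pixel)
{
    return width * height * bytes_per_pixel;
}

/* Hardened form: validate each input and reject any product that does not
 * fit in 32 bits before the value is used for allocation or indexing. */
static bool pixel_buffer_size_checked(uint32_t width, uint32_t height,
                                      uint32_t bytes_per_pixel, uint32_t *out)
{
    if (width == 0 || height == 0 || bytes_per_pixel == 0)
        return false;
    if (width > UINT32_MAX / bytes_per_pixel)
        return false;                     /* row stride would overflow */
    uint32_t stride = width * bytes_per_pixel;
    if (height > UINT32_MAX / stride)
        return false;                     /* total size would overflow */
    *out = stride * height;
    return true;
}

int main(void)
{
    /* Constructed sample dimensions: 65536 x 16385 pixels, 4 bytes each. */
    uint32_t w = 0x10000u, h = 0x4001u, bpp = 4u, size = 0;

    printf("unchecked size: %u bytes\n",
           (unsigned)pixel_buffer_size_unchecked(w, h, bpp));
    if (!pixel_buffer_size_checked(w, h, bpp, &size))
        printf("checked: dimensions rejected\n");
    if (pixel_buffer_size_checked(1920u, 1080u, bpp, &size))
        printf("checked: 1920x1080 needs %u bytes\n", (unsigned)size);
    return 0;
}
```

The unchecked version reports a 256 KiB buffer for an image that needs over 4 GiB, which is the kind of mismatch that turns into an out-of-bounds write once later code works from the real dimensions.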
Two more critical vulnerabilities, designated CVE-2018-5187 and CVE-2018-5188, consist of a series of memory safety bugs found in Firefox 61, Firefox ESR 60.1 and 52.9, and Thunderbird 60, which could result in an attacker running arbitrary code by exploiting memory corruption.