TTCSIRT-075.122717: TT-CSIRT Advisory – Mozilla Security Updates
Mozilla has released a security updates to address multiple vulnerabilities in Thunderbird 52.5.2:
a) CVE-2017-7845: Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9
b) CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin
c) CVE-2017-7847: Local path string can be leaked from RSS feed
d) CVE-2017-7848: RSS Feed vulnerable to new line Injection
e) CVE-2017-7829: Mailsploit part 1: From address with encoded null character is cut off in message header display
Further information on these vulnerabilities and how they can be fixed can be found on the Mozilla Website at https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/ |