TTCSIRT-075.122717: TT-CSIRT Advisory – Mozilla Security Updates
Mozilla has released a security updates to address multiple vulnerabilities in Thunderbird 52.5.2:
a) CVE-2017-7845: Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9
b) CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin
c) CVE-2017-7847: Local path string can be leaked from RSS feed
d) CVE-2017-7848: RSS Feed vulnerable to new line Injection
e) CVE-2017-7829: Mailsploit part 1: From address with encoded null character is cut off in message header display
| Further information on these vulnerabilities and how they can be fixed can be found on the Mozilla Website at https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/ |