Software Affected
· Mozilla Thunderbird versions prior to 78
Overview
Multiple vulnerabilities have been reported in Mozilla Thunderbird which
could allow a remote attacker to execute arbitrary code, access sensitive
information, bypass security restrictions or perform other unauthorized
activities on a targeted system.
Description
AppCache manifest poisoning ( CVE-2020-12415 )
This vulnerability exists in Mozilla Thunderbird due to improper processing
of the AppCache manifest URL.
Successful exploitation of this vulnerability could cause the AppCache to
be used for servicing requests for the top level directory.
Use after free errors ( CVE-2020-12416 CVE-2020-12419 CVE-2020-12420 )
These vulnerabilities exist in Mozilla Thunderbird due to use-after-free
errors in WebRTC VideoBroadcaster, nsGlobalWindowInner and when attempting
to connect to a STUN server.
Successful exploitation of these vulnerabilities could allow a remote
attacker to execute arbitrary code on a targeted system.
Memory corruption ( CVE-2020-12417 )
This vulnerability exists in Mozilla Thunderbird due to missing
sign-extension for ValueTags on ARM64.
Successful exploitation of this vulnerability could allow a remote attacker
to execute arbitrary code on a targeted system.
Information disclosure ( CVE-2020-12418 )
This vulnerability exists in Mozilla Thunderbird due to improper processing of
a crafted URL object.
Successful exploitation of this vulnerability could allow a remote attacker
to disclose process memory on a targeted system by causing an out-of-bounds
read.
X-Frame-Options bypass ( CVE-2020-15648 )
This vulnerability exists in Mozilla Thunderbird due to a logical error
related to X-Frame-Options.
Successful exploitation of this vulnerability could allow bypassing of
X-Frame-Options restrictions.
Side channel attack ( CVE-2020-12402 )
This vulnerability exists in Mozilla Thunderbird due to improper algorithm
implementation for RSA key generation.
Successful exploitation of this vulnerability could allow a remote attacker
to obtain sensitive information on a targeted system by performing side
channel attacks.
Improper Certificate Validation ( CVE-2020-12421 )
This vulnerability exists in Mozilla Thunderbird due to a logical error
related to certificate trust rules.
The vulnerability could cause add-ons to become out-of-date silently
without notification to the user.
Integer Overflow ( CVE-2020-12422 )
This vulnerability exists in Mozilla Thunderbird due to an integer overflow
error in nsJPEGEncoder::emptyOutputBuffer.
Successful exploitation of this vulnerability could allow a remote attacker
to execute arbitrary code on a targeted system.
DLL Hijacking ( CVE-2020-12423 )
This vulnerability exists in Mozilla Thunderbird due to potential loading
of "webauthn.dll" from a non-default path.
Successful exploitation of this vulnerability could allow a local attacker
to execute arbitrary code on a targeted system.
Security Control Bypass ( CVE-2020-12424 )
This vulnerability exists in Mozilla Thunderbird due to a logical error
related to permission prompt for WebRTC.
Successful exploitation of this vulnerability could allow a remote attacker
to bypass security controls on a targeted system.
Out-of-bounds read ( CVE-2020-12425 )
This vulnerability exists in Mozilla Thunderbird due to a one-byte
out-of-bounds read error in Date.parse().
Successful exploitation of this vulnerability could allow a remote attacker
to obtain sensitive information on a targeted system.
Memory Corruption ( CVE-2020-12426 )
This vulnerability exists in Mozilla Thunderbird due to memory safety bugs.
Successful exploitation of this vulnerability could allow a remote attacker
to execute arbitrary code on a targeted system.
Solution
Update to Mozilla Thunderbird version 78
Vendor Information
Mozilla
References
Vulmon
CVE Name
CVE-2020-12415
CVE-2020-12416
CVE-2020-12417
CVE-2020-12418
CVE-2020-12419
CVE-2020-12420
CVE-2020-15648
CVE-2020-12402
CVE-2020-12421
CVE-2020-12422
CVE-2020-12423
CVE-2020-12424
CVE-2020-12425
CVE-2020-12426