This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. #CVE-2018-12379: Out-of-bounds write with malicious MAR file Reporter Holger Fuhrmannek Impact moderate Description This is a same-origin policy violation and could allow for data theft. #CVE-2018-18499: Same-origin policy violation using meta refresh and performance.getEntries to steal cross-origin URLs Reporter James Lee of Kryptos Logic Impact high DescriptionĪ same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This results in a potentially exploitable crash. #CVE-2018-12378: Use-after-free in IndexedDB Reporter Zhanjia Song Impact high DescriptionĪ use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. #CVE-2018-12377: Use-after-free in refresh driver timers Reporter Nils Impact high DescriptionĪ use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. Mozilla Foundation Security Advisory 2018-25 Security vulnerabilities fixed in Thunderbird 60.2.1 Announced OctoImpact critical Products Thunderbird Fixed in
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |