Thunderbird is a popular email client by Mozilla. Recently, the company released a new version that fixes a critical buffer overflow vulnerability affecting Windows users. In total, the release includes five fixes. So, update your email client now to keep yourself safe.
The most critical buffer overflow bug (CVE-2017-7845) affects Thunderbird running on the Windows. The same critical vulnerability was also reported and patched earlier this month on Firefox browser.
“A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash,” Mozilla wrote.
The other two security issues rated high were CVE-2017-7846 and CVE-2017-7847. The first one was in the Thunderbird’s RSS reader. It was possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website. In the second, a crafted CSS in an RSS feed can leak and reveal local path strings.
Other two bugs rated moderate (CVE-2017-7848) and low (CVE-2017-7829) were an RSS bug and a bug impacting email. By exploiting the second bug, it was possible to spoof the sender’s email address and display any random sender address to the email recipient.
If you use Thunderbird, you need to update it to the latest version. As the bug is now known to all, hackers might try to exploit these.
