Mozilla squashes critical Thunderbird bug


Enlarge (credit: Mozilla)

If you’re using Thunderbird for your email needs, make sure you’re on version 52.5.2. Mozilla recently released the new version, which has patches that squash a handful of bugs.

The bug, rated critical by the Mozilla Foundation, is CVE-2017-7845, which is a buffer overflow vulnerability affecting only Windows users. “A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content,” Mozilla said in its security advisory. “This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash.”

Two of the bugs are rated “high” in severity. CVE-2017-7846 is a JavaScript exploit affecting Thunderbird’s RSS reader capabilities. The second, CVE-2017-7847, is a CSS bug that could potentially allow an attacker to discover user data, like a user name.

Read 1 remaining paragraphs | Comments

Read Original: ArsTechnica
Related Stories: