Mozilla fix high-risk vulnerability in Thunderbird
According to foreign media reported on December 26, Mozilla recently for its popular open source Thunderbird e-mail client released a major security update to address the RSS and its buffer overflow vulnerability in the client user information disclosure, fake e-mail address and other issues.
Mozilla released in December five Vulnerability Patch, the following is specific information vulnerabilities .
CVE-2017-7845: Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9
A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash.
Note: This attack only affects Windows operating systems. Other operating systems are unaffected.
CVE-2017-7847: Local path string can be leaked from RSS feed
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name.
CVE-2017-7848: RSS Feed vulnerable to new line Injection
RSS fields can inject new lines into the created email structure, modifying the message body.
CVE-2017-7829: Mailsploit part 1: From address with encoded null character is cut off in message header display
It is possible to spoof the sender’s email address and display an arbitrary sender address to the email recipient. The real sender’s address is not displayed if preceded by a null character in the display string.