Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2017-30

Security vulnerabilities fixed in Thunderbird 52.5.2

Announced
December 22, 2017
Impact
critical
Products
Thunderbird
Fixed in
  • Thunderbird 52.5.2

#CVE-2017-7845: Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9

Reporter
Omair
Impact
critical
Description

A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash.
Note: This attack only affects Windows operating systems. Other operating systems are unaffected.

References

#CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin

Reporter
cure53
Impact
high
Description

It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via “View -> Feed article -> Website” or in the standard format of “View -> Feed article -> default format”.

References

#CVE-2017-7847: Local path string can be leaked from RSS feed

Reporter
cure53
Impact
high
Description

Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name.

References

#CVE-2017-7848: RSS Feed vulnerable to new line Injection

Reporter
cure53
Impact
moderate
Description

RSS fields can inject new lines into the created email structure, modifying the message body.

References

#CVE-2017-7829: Mailsploit part 1: From address with encoded null character is cut off in message header display

Reporter
Sabri Haddouche
Impact
low
Description

It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string.

References