Mozilla released new version of Thunderbird 60.7.1 email client for Windows, Linux and macOS platform with fixes Buffer Overflow Vulnerability.
Mozilla Thunderbird is a free and open-source, cross-platform email client, news client, RSS, and chat client developed by the Mozilla Foundation. The project strategy was modeled after that of the Mozilla Firefox web browser. It is installed by default on Ubuntu desktop systems.
Thunderbird is a free email application that’s easy to set up and customize – and it’s loaded with great features!
Also Read – Mozilla Firefox Disabled All Browser Extensions After Certificate Issue
Following CVE’s have been fixed.
- CVE-2019-11703: Heap buffer overflow in icalparser.c
A flaw in Thunderbird’s implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. - CVE-2019-11704: Heap buffer overflow in icalvalue.c
A flaw in Thunderbird’s implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. - CVE-2019-11705: Stack buffer overflow in icalrecur.c
A flaw in Thunderbird’s implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. - CVE-2019-11706: Type confusion in icalproperty.c
A flaw in Thunderbird’s implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash.
You can Download Mozilla Thunderbird 60.7.1 here
