9.EmailServers Atsign Esm W900

Several significant vulnerabilities have been found in the Thunderbird email client and Firefox web browser. An attacker could exploit these issues to disrupt services, obtain sensitive data, bypass security restrictions, perform cross-site tracing, run rogue programs on your computer, or escalate privileges on impacted systems.

What Are These Vulnerabilities & How Do They Impact Me?

ThunderbirdThe following security issues were discovered and fixed in Thunderbird and Firefox:

  • If a user were tricked into opening a specially crafted website in a browsing context, an attacker could exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, perform cross-site tracing, or execute arbitrary code. (CVE-2023-6858)
  • Thunderbird did not properly parse a PGP/MIME payload that contains digitally signed text. An attacker could exploit this issue to spoof an email message. (CVE-2023-50762)
  • Thunderbird did not properly compare the signature creation date with the message date and time when using a digitally signed S/MIME email message. An attacker could exploit this issue to spoof the date and time of an email message. (CVE-2023-50761)
  • Thunderbird did not properly manage memory when used on systems with the Mesa VM driver. An attacker could exploit this issue to execute arbitrary code. (CVE-2023-6856)
  • Thunderbird did not properly validate the textures produced by remote decoders. An attacker could exploit this issue to escape the sandbox. (CVE-2023-6860)
  • FirefoxAn attacker could escalate privileges through devtools, enabling them to view additional infrastructure to attack, add or delete users, or modify permissions of files or other users. (CVE-2024-0751)
  • Bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 threaten memory safety (CVE-2024-0755).
  • Out-of-bounds memory read in networking channels. (CVE-2024-1546)
  • Alert dialog could have been spoofed on another site. (CVE-2024-1547)
  • Fullscreen Notification could have been hidden by a select element. (CVE-2024-1548)
  • Custom cursor could obscure the permission dialog. (CVE-2024-1549)
  • The mouse cursor re-positioned unexpectedly could have led to unintended permission grants. (CVE-2024-1550)
  • Multipart HTTP Responses would accept the Set-Cookie header in response parts. (CVE-2024-1551)
  • Incorrect code generation on 32-bit ARM devices. (CVE-2024-1552)
  • Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. (CVE-2024-1553)
  • Firefox did not properly manage memory when accessing the built-in profiler. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-1556)
  • The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. As a result, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third party. (CVE-2024-1936)
  • NSS was susceptible to a timing side-channel attack when performing RSA decryption, potentially allowing an attacker to recover the private data. (CVE-2023-5388)
  • An unchecked return value in the TLS handshake code could have caused a potentially exploitable crash. (CVE-2024-0743)
  • The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. As a result, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third party. (CVE-2024-1936)
  • Return registers were overwritten which could have allowed an attacker to execute arbitrary code. (CVE-2024-2607)
  • `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out-of-bounds write. (CVE-2024-2608)
  • Using a markup injection, an attacker could have stolen nonce values. This issue could have been used to bypass strict content security policies. (CVE-2024-2610)
  • A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. (CVE-2024-2611)
  • If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. (CVE-2024-2612)
  • Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 have shown evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code. (CVE-2024-2614)
  • To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. (CVE-2024-2616)

Exploitation of these bugs could result in the compromise of sensitive information or loss of system availability.

The Firefox update released to fix these issues introduced several minor regressions, which have now been fixed in the latest version of Firefox. 

How Can I Secure My Linux Systems?

Crucial updates for Thunderbird and Firefox have been released to fix these impactful vulnerabilities. Given these flaws’ severe threat to affected systems, if left unpatched, we strongly recommend all impacted users apply the updates released to protect against data theft and loss of system access.

To stay on top of essential updates released by the open-source programs and applications you use, register as a LinuxSecurity user, subscribe to our Linux Advisory Watch newsletter, and customize your advisories for your distro(s). This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems.

Follow @LS_Advisories on X for real-time updates on advisories for your distro(s).