CVE-2018-12379

Source
Severity Medium
Remote No
Type Arbitrary code execution
Description
A security issue has been found in Thunderbird versions prior to 60.2.1. When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. Triggering it requires running the Mozilla Updater manually on the local system against the malicious MAR file.
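| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-782 | thunderbird | 60.0-4 | 60.2.1-1 | Critical | Fixed | FS#60424 |

| Date | Advisory | Group | Package | Severity | Description |
|---|---|---|---|---|---|
| 18 Oct 2018 | ASA-201810-13 | AVG-782 | thunderbird | Critical | multiple issues |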
References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12379
https://bugzilla.mozilla.org/show_bug.cgi?id=1473113