Multiple vulnerabilities have been identified in Mozilla Thunderbird, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution.

Mozilla released version 68.1 which includes fixes for multiple vulnerabilities discovered in previous versions. These vulnerabilities allow for arbitrary code execution using the security context of the user running Thunderbird. This means that admin accounts using Thunderbird should have the highest priority in your update deployment.

Thunderbird 68, our newest major release, is here! With a new app menu, a better dark theme, an improved preferences menu, and so much more - what's not to love?



Read more about it on our blog: https://t.co/X9C0IdWSZX — Thunderbird (@mozthunderbird) August 28, 2019

Security vulnerabilities fixed in Thunderbird 68.1

CVE-2019-11739 - Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message.

- Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message. CVE-2019-11746 - Use-after-free while manipulating video.

- Use-after-free while manipulating video. CVE-2019-11744 - XSS by breaking out of title and Textarea elements using innerHTML.

- XSS by breaking out of title and Textarea elements using innerHTML. CVE-2019-11742 - Same-origin policy violation with SVG filters and canvas to steal cross-origin images.

- Same-origin policy violation with SVG filters and canvas to steal cross-origin images. CVE-2019-11752 - Use-after-free while extracting a key value in IndexedDB.

- Use-after-free while extracting a key value in IndexedDB. CVE-2019-11740 - Memory safety bugs fixed in multiple Mozilla products.

Get A Report of all Vulnerable Thunderbird Installations

If you currently have Mozilla Thunderbird deployed on your workstations, it's pretty critical that you update it at the earliest opportunity to ensure that you don't fall prey to these vulnerabilities. Our custom Thunderbird Vulnerability Audit Report can tell you in no time which devices have an outdated Firefox version in place and need to be patched.

Mozilla Thunderbird Vulnerability Audit - Click to Enlarge

If you haven't already, start your free Lansweeper trial and get a list of all vulnerable Mozilla Thunderbird versions in no time.