Thunderbird released with patched hole


After Pwn2Own exposed some major vulnerabilities, every major browser went into patch fixing exercise.So did Mozilla.Mozilla released Firefox with the updated fix and now they have also released thunderbird with the same update. Mozilla software share the same exploit.The exploit was reported by VUPEN,which exploits use-after-free within the HTML editor.

When content script is run by the document.execCommand() function while internal editor operations are occurring allowing arbitrary code execution.No major update has been made .Thunderbird can be downloaded from their official site

Advertisements