The vendor has issued an update to remove the stack-based buffer overflow, and will issue another update to correct the issue.
An attacker can send a file to an unsuspecting user, who can double-click on the file within the mail client application.
CVE-2019-3877 Firefox Fixed in Firefox 61.0 — MFSA — A maliciously-crafted HTML mail message could cause Thunderbird to crash and potentially allow an attacker to take control of the affected system. By manipulating the message’s content or layout, an attacker could exploit this vulnerability to cause the browser to crash and potentially allow an attacker to take control of the affected system. — Fixed in Firefox 61.0. — MFSA — A maliciously-crafted HTML mail message could cause Thunderbird to crash and potentially allow an attacker to take control of the affected system. By manipulating the message’s content or layout, an attacker could exploit this vulnerability to cause the browser to crash and potentially allow an attacker to take control of the affected system. — Fixed in Firefox 61.0. — MFSA — A maliciously-crafted HTML mail message could cause Thunderbird to crash and potentially allow an attacker to take control of the affected system. By manipulating the message’s content or layout, an attacker could exploit this vulnerability to cause the browser to crash and potentially allow an attacker to take control of the affected system. — Fixed in Firefox 61.0. — MFSA — A maliciously-
Firefox 61.0
Release Info
Mozilla has released Firefox 61.0, which includes a fix for CVE-2019-3877. Firefox users are urged to update to the latest version of the browser.
Source: https://support.mozilla.org/en-US/kb/firefox-61-release-info
FTP Servers
An attacker can send a file to an unsuspecting user, who can double-click on the file within the mail client application.
Timeline
Published on: 09/21/2022 07:15:00 UTC
Last modified on: 09/23/2022 18:36:00 UTC