From: Chris Coulson
Date: Jul 3,2019 12:57AM
A type confusion bug was discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could exploit this by causing a denial of service, or
executing arbirary code. (CVE-2019-11707)
It was discovered that a sandboxed child process could open arbitrary web
content in the parent process via the Prompt:Open IPC message. When
combined with another vulnerability, an attacker could potentially exploit
this to execute arbitrary code. (CVE-2019-11708)
References:
https://usn.ubuntu.com/4045-1
CVE-2019-11707, CVE-2019-11708
沒有留言:
張貼留言