Description: | Bobby Holley, Christian Holler, David Bolter, Byron Campen and Jon Coppeard discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1574)
Atte Kettunen discovered a buffer overflow during CSS manipulation. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1576)
Holger Fuhrmannek discovered an out-of-bounds read with Web Audio. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to steal sensitive information. (CVE-2014-1577)
Abhishek Arya discovered an out-of-bounds write when buffering WebM video in some circumstances. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1578)
A use-after-free was discovered during text layout in some circumstances. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2014-1581)
Eric Shepherd and Jan-Ivar Bruaroey discovered issues with video sharing via WebRTC in iframes, where video continues to be shared after being stopped and navigating to a new site doesn't turn off the camera. An attacker could potentially exploit this to access the camera without the user being aware. (CVE-2014-1585, CVE-2014-1586) |