On August 6th a Mozilla Security Advisory was released which detailed bugs and how they operate on systems. The latest version of Thunderbird, Mozilla’s email client , details 14 vulnerabilities–five of which being critical, and three of the five could possibly cause an exploitable crash. The first bug is listed as CVE-2018-12359 and is set off when making changes such as adjusting the height and width of the <canvas> element, which in turn writes data outside the pre-computed boundaries. Furthermore, the CVE-2018-12360 is brought to life when “deleting an input element during a mutation event handler triggered by focusing that element.” Finally, the third patch, CVE-2018-12361, is a numeric overflow in SwizzleData code that occurs when determining buffer sizes. Since, all of these vulnerabilities have been patched by Mozilla.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is