Email client and browser: Chrome, Firefox and Thunderbird vulnerable to attacks
Attackers can exploit several security vulnerabilities in Chrome, Firefox and Thunderbird. The gaps have now been closed.
(Image: Sashkin/Shutterstock.com)
If attacks on the Chrome and Firefox web browsers and the Thunderbird mail client are successful, attackers can compromise systems in the worst case via malicious code attacks.
Various attacks possible
Google states in a warning message that the developers have closed five vulnerabilities in the current versions for Linux, macOS and Windows 127.0.6533.99/.100, but lists six gaps in the article. One of these is classified as"critical" (CVE-2024-7532). The vulnerability affects the ANGLE graphics engine.
At this point, attackers can trigger memory errors (out of bounds) and then execute their own code. It is not yet clear how this could work in detail.
The majority of the vulnerabilities closed in Firefox 129, Firefox ESR 115.14, Firefox ESR 128.1, Thunderbird 115.14 and Thunderbird 128.1 are classified as"high". By successfully exploiting these vulnerabilities, attackers can obtain user data, for example in the course of a spoofing attack (CVE-2024-7518"high") on a website.
Breaking out of the sandbox is also conceivable (CVE-2024-7519"high"). Malicious code can also reach systems via several vulnerabilities. Mozilla lists further information in the security section of its website.
(des)
