If Thunderbird is your email client, make sure you've updated it to the 52.5.2 version.
The patch includes five fixes, two of which rated high, one moderate and one of low severity.
The most serious flaw fixed is a critical overflow bug (CVE-2017-7845) which impacts Thunderbird users running windows: the bug appears when "drawing and validating elements with angle library using Direct 3D9".
Direct 3D 9 is not limited to Windows XP.
The flaws rated high impact all operating systems.
The second high-impact flaw can leak usernames with the RSS reader:
CVE-2017-7847: Local path string can be leaked from RSS feed
About the moderate flaw, it also regards the RSS reader: CVE-2017-7848: RSS Feed vulnerable to new line Injection
Finally the low severity flow makes possible to spoof the email address of the sender.
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string.
Image credit : dakirby309
Subscribe to VPNrevie.ws
Get the latest posts delivered right to your inbox
Comments powered by Talkyard.