https://threatpost.com/mozilla-patches-critical-bug-in-thunderbird/129244/
Mozilla issued a critical security update to its popular open-source Thunderbird email client. The patch was part of a December release of five fixes that included two bugs rated high and one rated moderate and another low.
Mozilla said Thunderbird, which is also serves as a news, RSS and chat client, the latest Thunderbird 52.5.2 version released last week fixes the vulnerabilities.
The most serious of the fixes is a critical buffer overflow bug (CVE-2017-7845) impacting Thunderbird running on the Windows operating system. The bug is present when "drawing and validating elements with angle library using Direct 3D 9," according to the Mozilla Foundation Security Advisory.
(Score: 4, Insightful) by J_Darnley on Sunday December 31 2017, @01:32PM (4 children)
What the heck is an email client doing using a 3D rendering library?
(Score: 4, Funny) by maxwell demon on Sunday December 31 2017, @01:48PM
It allows you to see your emails from a different perspective. ;-)
The Tao of math: The numbers you can count are not the real numbers.
(Score: 1, Informative) by Anonymous Coward on Sunday December 31 2017, @03:46PM (1 child)
Given that Thunderbird is also a feed reader, it oftentimes displays HTML content (for example, the full HTML contents of an article). The bug seems to concern WebGL content. Mozilla's WebGL implementation relies, at least in part, on DirectX in Windows (as described in the bug).
I always thought that Thunderbird shared Firefox' rendering engine. Wouldn't that bug also affect Firefox?
(Score: 3, Informative) by TheRaven on Sunday December 31 2017, @04:13PM
sudo mod me up
(Score: 2) by tekk on Sunday December 31 2017, @08:18PM
DirectX is how you draw on windows. They deprecated GDI and the other methods iirc, so if you want to put pixels on the screen it's DX or OpenGL.