https://threatpost.com/mozilla-patches-critical-bug-in-thunderbird/129244/
Mozilla issued a critical security update to its popular open-source Thunderbird email client. The patch was part of a December release of five fixes that included two bugs rated high and one rated moderate and another low.
Mozilla said Thunderbird, which is also serves as a news, RSS and chat client, the latest Thunderbird 52.5.2 version released last week fixes the vulnerabilities.
The most serious of the fixes is a critical buffer overflow bug (CVE-2017-7845) impacting Thunderbird running on the Windows operating system. The bug is present when "drawing and validating elements with angle library using Direct 3D 9," according to the Mozilla Foundation Security Advisory.
(Score: 1, Informative) by Anonymous Coward on Sunday December 31 2017, @03:46PM (1 child)
Given that Thunderbird is also a feed reader, it oftentimes displays HTML content (for example, the full HTML contents of an article). The bug seems to concern WebGL content. Mozilla's WebGL implementation relies, at least in part, on DirectX in Windows (as described in the bug).
I always thought that Thunderbird shared Firefox' rendering engine. Wouldn't that bug also affect Firefox?
(Score: 3, Informative) by TheRaven on Sunday December 31 2017, @04:13PM
sudo mod me up