Thunderbird users are advised to update their application as soon as possible. All users are advised to exercise extreme caution when dealing with untrusted content when using older versions of Thunderbird and Firefox to ensure they aren’t put at risk of being exploited to run arbitrary code. Mozilla will be issuing a patch shortly to fix this issue in Thunderbird and Firefox ESR.
Mozilla encourages users to stay up-to-date and take the steps necessary to protect themselves from these types of threats. By being informed and taking the necessary precautions, users can increase their security on the internet.
Thunderbird Users
Thunderbird is a popular email and chat program that uses the Mozilla Foundation's XUL platform to provide users with an intuitive interface. Thunderbird is often used by businesses for its ability to manage many different accounts and processes, which makes it an effective tool for managing customer data online. Thunderbird has been out of date for a while now, but still has a tremendous following.
The issue in question was discovered on November 19th when a security researcher noticed that the "Cookie Manager" extension in earlier versions of Firefox could be exploited. The vulnerability allows attackers to easily gain access to any website using the browser extension, which can lead to arbitrary code execution on the machine of the infected user. A patch was created within 24 hours of the discovery, but because this particular bug is able to affect older versions of Firefox, all users are urged to upgrade their browser.
How Did Thunderbird and Firefox Get Vulnerable?
Thunderbird and Firefox are at risk for running arbitrary code through the XUL technology because it is outdated.
The old version of XUL, which is what Thunderbird and Firefox use to display user interface elements, has a vulnerability in which malicious values can be assigned to any variable that is returned from a JavaScript function call. The malicious values could then be used to run arbitrary code on the system.
According to Mozilla, they will issue a patch shortly in order to fix this issue in older versions of Thunderbird and Firefox ESR.
What is the Thunderbird/Firefox ESR (Extended Support Release) vulnerability?
The vulnerability, which is in the way Thunderbird and Firefox ESR parse malformed HTML (Hypertext Markup Language) code, allows for malicious code to run on a user’s computer. This can be exploited by websites that have been compromised to send malicious JavaScript or HTML, allowing attackers to gain access to a victim’s computer.
Thunderbird and Firefox ESR users are advised to update as soon as possible. For more information about this vulnerability, please see Mozilla’s security advisory at https://www.mozilla.org/en-US/security/advisories/.
Are you affected?
If you use Thunderbird for email, it is important that you update your application as soon as possible. Stay up-to-date on the latest information from Mozilla by following their blog, Twitter account (@Thunderbird), and Facebook page (https://www.facebook.com/mozilla.thunderbird).
#WEP
What is the Firefox 52.0.2 exploit attack?
(CVE-2022-42932) Firefox 52.0.2 is being exploited as a vulnerability in the browser's JavaScript engine, which could allow for arbitrary code execution on users' machines when visiting malicious websites. Mozilla has also confirmed that this exploit occurs on Thunderbird 52.0.1 and Thunderbird ESR 45.8.1, and that it was also used by some other malware such as Nuclear Packet Stealing Malware (NPS). The exploit affects all supported versions of Firefox including the Extended Support Release (ESR) version of Firefox, which is meant to be updated less frequently than the main release version of Firefox before it expires at the end of 2020.
Timeline
Published on: 12/22/2022 20:15:00 UTC
Last modified on: 01/04/2023 02:40:00 UTC
References
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789729%2C1791363%2C1792041
- https://www.mozilla.org/security/advisories/mfsa2022-46/
- https://www.mozilla.org/security/advisories/mfsa2022-45/
- https://www.mozilla.org/security/advisories/mfsa2022-44/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42932