Critical Vulnerability Patched in Mozilla Thunderbird
Via Ars Technica:
Mozilla has recently released a major upgrade to the Thunderbird email client that addresses a critical buffer-overflow vulnerability that was discovered earlier this year:
The bug, rated critical by the Mozilla Foundation, is CVE-2017-7845, which is a buffer overflow vulnerability affecting only Windows users. “A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content,” Mozilla said in its security advisory. “This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash.”
The new version is 52.5.2, and can be found here, and users are advised to update immediately.