Mozilla issued a series of security updates for Thunderbird 52.5.2, including one for a critically rated buffer overflow issue that could lead to a crash if exploited.
The critical CVE-2017-7845 allows a buffer overflow to occur, only on Windows machines, when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, which is used for WebGL content. This happens because an incorrect value is passed within the library during checks, resulting in a potentially exploitable crash, the security update said.
Another RSS issue, the moderate-rated CVE-2017-7848, can be used to inject new lines into an email structure, allowing the body of the message to be modified.
Closing out the warning is the low-rated CVE-2017-7829. If exploited, a sender’s email address could be spoofed, allowing a different sender address to be displayed. The real sender’s address is not displayed if preceded by a null character in the display string, the warning said.
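
A detection-side check for the condition described in CVE-2017-7829, as an added example (not code from Mozilla or the advisory): it flags sender headers whose value contains a null character, which has no legitimate place in a mail header. The header list, sample messages and function names are assumptions made for illustration, and decoding RFC 2047 encoded words before the check goes beyond what the warning describes.

```python
import email
from email.errors import HeaderParseError
from email.header import decode_header

# Headers a mail client may use to show who sent the message (assumed list).
SENDER_HEADERS = ("From", "Sender", "Reply-To")

# Constructed sample messages; addresses use reserved example domains.
SAMPLES = {
    "clean": b"From: Alice <alice@example.org>\r\nSubject: hi\r\n\r\nbody\r\n",
    "raw_nul": b"From: ceo@example.org\x00 <other@example.net>\r\n\r\nbody\r\n",
    "encoded_nul": b"From: =?utf-8?q?ceo=40example.org=00?= <other@example.net>\r\n\r\nbody\r\n",
}


def decode_words(value):
    """Return the header text with RFC 2047 encoded words decoded."""
    try:
        chunks = decode_header(value)
    except HeaderParseError:
        return value  # undecodable encoded word: inspect the raw text instead
    out = []
    for chunk, charset in chunks:
        if isinstance(chunk, bytes):
            try:
                chunk = chunk.decode(charset or "ascii", errors="replace")
            except LookupError:  # unknown charset label
                chunk = chunk.decode("latin-1")
        out.append(chunk)
    return "".join(out)


def nul_in_sender_headers(raw_message):
    """List (header, decoded text) pairs whose decoded value contains NUL."""
    msg = email.message_from_bytes(raw_message)  # compat32 keeps header text as sent
    findings = []
    for name in SENDER_HEADERS:
        for value in msg.get_all(name, []):
            text = decode_words(str(value))
            if "\x00" in text:
                # Make the NUL visible so the full value can be logged safely.
                findings.append((name, text.replace("\x00", "\\0")))
    return findings


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, nul_in_sender_headers(raw))
```

A check like this belongs at the mail gateway or in triage tooling, where a hit can be quarantined or logged regardless of which client version the recipient runs.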