---

Mozilla Outs Thunderbird 45.8 to Fix 9 Security Vulnerabilities, 5 Are Critical

Thunderbird 45.8.0 is now the latest release of the popular email client and news/RSS reader, which is included by default in numerous Linux distributions. As mentioned before, this is a security update that addresses multiple vulnerabilities discovered in previous versions. According to the release notes, five of them are marked as “Critical.” These include an asm.js JIT-spray bypass of DEP and ASLR (CVE-2017-5400), a memory corruption when handling ErrorResult (CVE-2017-5401), two use-after-free when working with events in FontFace objects (CVE-2017-5402) and with ranges in selections (CVE-2017-5404), and memory safety bugs (CVE-2017-5398).