[arch-security] [ASA-201708-18] thunderbird: multiple issues
Arch Linux Security Advisory ASA-201708-18 ========================================== Severity: Critical Date : 2017-08-23 CVE-ID : CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7807 CVE-2017-7809 Package : thunderbird Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-385 Summary ======= The package thunderbird before version 52.3.0-1 is vulnerable to multiple issues including arbitrary code execution, content spoofing, information disclosure, same-origin policy bypass and access restriction bypass. Resolution ========== Upgrade to 52.3.0-1. # pacman -Syu "thunderbird>=52.3.0-1" The problems have been fixed upstream in version 52.3.0. Workaround ========== None. Description =========== - CVE-2017-7753 (information disclosure) An out-of-bounds read has been found in firefox < 55.0 and thunderbird < 52.3, when applying style rules to pseudo-elements, such as ::first- line, using cached style data. - CVE-2017-7779 (arbitrary code execution) Several memory safety bugs have been found in firefox < 55.0 and thunderbird < 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. - CVE-2017-7784 (arbitrary code execution) A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. - CVE-2017-7785 (arbitrary code execution) A buffer overflow has been found in firefox < 55.0 and thunderbird < 52.3, when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. - CVE-2017-7786 (arbitrary code execution) A buffer overflow has been found in firefox < 55.0 and thunderbird < 52.3, when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. - CVE-2017-7787 (same-origin policy bypass) Same-origin policy protections can be bypassed in firefox < 55.0 and thunderbird < 52.3, on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page and leading to information disclosure. - CVE-2017-7791 (content spoofing) A content spoofing issue has been found in firefox < 55.0 and thunderbird < 52.3. On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. - CVE-2017-7792 (arbitrary code execution) A buffer overflow has been found in firefox < 55.0 and thunderbird < 52.3, when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. - CVE-2017-7800 (arbitrary code execution) A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, in WebSockets, when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. - CVE-2017-7801 (arbitrary code execution) A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. - CVE-2017-7802 (arbitrary code execution) A use-after-free vulnerability has been found in firefox < 55.0 and thunderbird < 52.3, when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. - CVE-2017-7803 (access restriction bypass) A security issue has been found in firefox < 55.0 and thunderbird < 52.3. When a page’s content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP. - CVE-2017-7807 (content spoofing) A domain hijacking flaw has been found in firefox < 55.0 and thunderbird < 52.3. A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. - CVE-2017-7809 (arbitrary code execution) A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. Impact ====== A remote attacker can access sensitive information, bypass security restrictions, crash the application or execute arbitrary code on the affected host. References ========== https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7753 https://bugzilla.mozilla.org/show_bug.cgi?id=1353312 https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7779 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1354443%2C1368576%2C1366903%... https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7784 https://bugzilla.mozilla.org/show_bug.cgi?id=1376087 https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7785 https://bugzilla.mozilla.org/show_bug.cgi?id=1356985 https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7786 https://bugzilla.mozilla.org/show_bug.cgi?id=1365189 https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7787 https://bugzilla.mozilla.org/show_bug.cgi?id=1322896 https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7791 https://bugzilla.mozilla.org/show_bug.cgi?id=1365875 https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7792 https://bugzilla.mozilla.org/show_bug.cgi?id=1368652 https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7800 https://bugzilla.mozilla.org/show_bug.cgi?id=1374047 https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7801 https://bugzilla.mozilla.org/show_bug.cgi?id=1371259 https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7802 https://bugzilla.mozilla.org/show_bug.cgi?id=1378147 https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7803 https://bugzilla.mozilla.org/show_bug.cgi?id=1377426 https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7807 https://bugzilla.mozilla.org/show_bug.cgi?id=1376459 https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7809 https://bugzilla.mozilla.org/show_bug.cgi?id=1380284 https://security.archlinux.org/CVE-2017-7753 https://security.archlinux.org/CVE-2017-7779 https://security.archlinux.org/CVE-2017-7784 https://security.archlinux.org/CVE-2017-7785 https://security.archlinux.org/CVE-2017-7786 https://security.archlinux.org/CVE-2017-7787 https://security.archlinux.org/CVE-2017-7791 https://security.archlinux.org/CVE-2017-7792 https://security.archlinux.org/CVE-2017-7800 https://security.archlinux.org/CVE-2017-7801 https://security.archlinux.org/CVE-2017-7802 https://security.archlinux.org/CVE-2017-7803 https://security.archlinux.org/CVE-2017-7807 https://security.archlinux.org/CVE-2017-7809
participants (1)
-
Levente Polyak