Arch Linux Security Advisory ASA-201512-14 ========================================== Severity: Critical Date : 2015-12-25 CVE-ID : CVE-2015-7201 CVE-2015-7205 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 Package : thunderbird Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package thunderbird before version 38.5.0-1 is vulnerable to multiple issues. Resolution ========== Upgrade to 38.5.0-1. # pacman -Syu "thunderbird>=38.5.0-1" The problem has been fixed upstream in version 38.5.0. Workaround ========== None. Description =========== - CVE-2015-7201 (cross-origin restriction bypass using data: and view-source: uri scheme): Security researcher Tsubasa Iinuma reported a mechanism to violate same-origin policy to content using data: and view-source: URIs to confuse protections and bypass restrictions. This resulted in the ability to read data from cross-site URLs and local files. - CVE-2015-7205 (overflow in MPEG4Extractor::readMetaData causes memory-safety bug): Security researcher Ronald Crane reported a vulnerability found through code inspection. This issue is an integer overflow while processing an MP4 format video file when an a erroneously-small buffer is allocated and then overrun, resulting in a potentially exploitable crash. - CVE-2015-7212 (underflow in RTPReceiverVideo::ParseRtpPacket causes memory-safety bug and information leak): Security researcher Ronald Crane reported an underflow found through code inspection. This does not all have a clear mechanism to be exploited through web content but could be vulnerable if a means can be found to trigger it. - CVE-2015-7213 (integer overflow allocating extremely large textures): Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an integer overflow when when allocating textures of extremely larges sizes during graphics operations. This results in a potentially exploitable crash when triggered. - CVE-2015-7214 (miscellaneous memory safety hazards): Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Andrei Vaida, Jesse Ruderman, and Bob Clary reported memory safety problems and crashes that affect Firefox ESR 38.4 and Firefox 42. Impact ====== A remote attacker might be able to bypass the same-origin policy to access sensitive data, or execute arbitrary code on the affected host. References ========== https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#th... https://access.redhat.com/security/cve/CVE-2015-7201 https://access.redhat.com/security/cve/CVE-2015-7205 https://access.redhat.com/security/cve/CVE-2015-7212 https://access.redhat.com/security/cve/CVE-2015-7213 https://access.redhat.com/security/cve/CVE-2015-7214