[arch-security] [ASA-201703-2] thunderbird: multiple issues
Remi Gacogne
rgacogne at archlinux.org
Fri Mar 10 21:44:05 UTC 2017
Arch Linux Security Advisory ASA-201703-2
=========================================
Severity: Critical
Date : 2017-03-10
CVE-ID : CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402
CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408
CVE-2017-5410
Package : thunderbird
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-193
Summary
=======
The package thunderbird before version 45.8.0-1 is vulnerable to
multiple issues including arbitrary code execution, information
disclosure and content spoofing.
Resolution
==========
Upgrade to 45.8.0-1.
# pacman -Syu "thunderbird>=45.8.0-1"
The problems have been fixed upstream in version 45.8.0.
Workaround
==========
None.
Description
===========
- CVE-2017-5398 (arbitrary code execution)
Several memory safety bugs, some of them leading to memory corruption
issues have been found in Firefox < 52 and Thunderbird < 45.8.
- CVE-2017-5400 (arbitrary code execution)
JIT-spray targeting asm.js combined with a heap spray allows for a
bypass of ASLR and DEP protections leading to potential memory
corruption attacks.
- CVE-2017-5401 (arbitrary code execution)
A crash triggerable by web content in which an ErrorResult references
unassigned memory due to a logic error.
- CVE-2017-5402 (arbitrary code execution)
A use-after-free can occur when events are fired for a FontFace object
after the object has been already been destroyed while working with
fonts.
- CVE-2017-5404 (arbitrary code execution)
A use-after-free error can occur when manipulating ranges in selections
with one node inside a native anonymous tree and one node outside of
it. This results in a potentially exploitable crash.
- CVE-2017-5405 (content spoofing)
Certain response codes in FTP connections can result in the use of
uninitialized values for ports in FTP operations.
- CVE-2017-5407 (information disclosure)
Using SVG filters that don't use the fixed point math implementation on
a target iframe, a malicious page can extract pixel values from a
targeted user. This can be used to extract history information and read
text values across domains. This violates same-origin policy and leads
to information disclosure.
- CVE-2017-5408 (information disclosure)
Video files loaded video captions cross-origin without checking for the
presence of CORS headers permitting such cross-origin use, leading to
potential information disclosure for video captions.
- CVE-2017-5410 (arbitrary code execution)
Memory corruption resulting in a potentially exploitable crash during
garbage collection of JavaScript due errors in how incremental sweeping
is managed for memory cleanup.
Impact
======
A remote attacker can access sensitive information, force a user to
connect to a spoofed FTP port or execute arbitrary code on the affected
host.
References
==========
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5398
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1332550%2C1332597%2C1338383%2C1321612%2C1322971%2C1333568%2C1333887%2C1335450%2C1325052%2C1324379%2C1336510
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5400
https://bugzilla.mozilla.org/show_bug.cgi?id=1334933
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5401
https://bugzilla.mozilla.org/show_bug.cgi?id=1328861
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5402
https://bugzilla.mozilla.org/show_bug.cgi?id=1334876
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5404
https://bugzilla.mozilla.org/show_bug.cgi?id=1340138
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5405
https://bugzilla.mozilla.org/show_bug.cgi?id=1336699
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5407
https://bugzilla.mozilla.org/show_bug.cgi?id=1336622
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5408
https://bugzilla.mozilla.org/show_bug.cgi?id=1313711
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5410
https://bugzilla.mozilla.org/show_bug.cgi?id=1330687
https://security.archlinux.org/CVE-2017-5398
https://security.archlinux.org/CVE-2017-5400
https://security.archlinux.org/CVE-2017-5401
https://security.archlinux.org/CVE-2017-5402
https://security.archlinux.org/CVE-2017-5404
https://security.archlinux.org/CVE-2017-5405
https://security.archlinux.org/CVE-2017-5407
https://security.archlinux.org/CVE-2017-5408
https://security.archlinux.org/CVE-2017-5410
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20170310/8f6865eb/attachment.asc>
More information about the arch-security
mailing list