[arch-security] [ASA-201710-19] thunderbird: multiple issues
rgacogne at archlinux.org
Fri Oct 13 08:01:24 UTC 2017
Arch Linux Security Advisory ASA-201710-19
Date : 2017-10-12
CVE-ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814
CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824
Package : thunderbird
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-441
The package thunderbird before version 52.4.0-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass and cross-site scripting.
Upgrade to 52.4.0-1.
# pacman -Syu "thunderbird>=52.4.0-1"
The problems have been fixed upstream in version 52.4.0.
- CVE-2017-7793 (arbitrary code execution)
A use-after-free vulnerability can occur in the Fetch API of
Thunderbird < 52.4, when the worker or the associated window is freed
while still in use, resulting in a potentially exploitable crash.
- CVE-2017-7805 (arbitrary code execution)
A security issue has been found in Thunderbird < 52.4. During TLS 1.2
exchanges, handshake hashes are generated which point to a message
buffer. This saved data is used for later messages but in some cases,
the handshake transcript can exceed the space available in the current
buffer, causing the allocation of a new buffer. This leaves a pointer
pointing to the old, freed buffer, resulting in a use-after-free when
handshake hashes are then calculated afterwards. This can result in a
potentially exploitable crash.
- CVE-2017-7810 (arbitrary code execution)
Mozilla developers and community members Christoph Diehl, Jan de Mooij,
Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian
Hengst reported memory safety bugs present in Firefox <= 55, Firefox
ESR <= 52.3, and Thunderbird <= 52.3. Some of these bugs showed
evidence of memory corruption and we presume that with enough effort
some of these could be exploited to run arbitrary code.
- CVE-2017-7814 (access restriction bypass)
A security issue has been found in Thunderbird < 52.4. File downloads
encoded with blob: and data: URL elements bypassed normal file download
checks through the Phishing and Malware Protection feature and its block
lists of suspicious sites and files. This would allow malicious sites
to lure users into downloading executables that would otherwise be
detected as suspicious.
- CVE-2017-7818 (arbitrary code execution)
A use-after-free vulnerability can occur when manipulating arrays of
Accessible Rich Internet Applications (ARIA) elements within containers
through the DOM, in Thunderbird < 52.4. This results in a potentially
- CVE-2017-7819 (arbitrary code execution)
A use-after-free vulnerability can occur in design mode when image
objects are resized if objects referenced during the resizing have been
freed from memory, in Thunderbird < 52.4. This results in a potentially
- CVE-2017-7823 (cross-site scripting)
The content security policy (CSP) sandbox directive in Thunderbird <
52.4 did not create a unique origin for the document, causing it to
behave as if the allow-same-origin keyword were always specified. This
could allow a Cross-Site Scripting (XSS) attack to be launched from
- CVE-2017-7824 (arbitrary code execution)
A buffer overflow occurs when drawing and validating elements with the
ANGLE graphics library, used for WebGL content in Thunderbird < 52.4.
This is due to an incorrect value being passed within the library
during checks and results in a potentially exploitable crash.
A remote attacker can bypass security measures like the phishing and
malware protection or a content security policy, and execute arbitrary
code on the affected host.
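The bug class described under CVE-2017-7805, shown in its hardened form. This is an added example, not code from the advisory, Thunderbird or NSS: the transcript struct, the function names, the sample messages and the use of FNV-1a in place of the real handshake hash are all assumptions. The saved hash position is kept as an offset and resolved against the current buffer at use time, so it stays valid when growth frees the old storage.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical, simplified transcript buffer; illustrative names, not NSS code. */
typedef struct {
    uint8_t *buf;   /* heap storage holding the handshake messages */
    size_t len, cap;
    size_t mark;    /* hash start kept as an OFFSET, never a pointer into buf */
    int moved;      /* set once growth has relocated the storage */
} transcript;

/* Growth frees the old block: a raw pointer saved earlier would now dangle. */
static int transcript_append(transcript *t, const void *msg, size_t n) {
    if (n > SIZE_MAX / 2 - t->len) return -1;
    if (t->len + n > t->cap) {
        size_t ncap = (t->len + n) * 2;
        uint8_t *nb = malloc(ncap);
        if (!nb) return -1;
        if (t->len) memcpy(nb, t->buf, t->len);
        t->moved |= (t->buf != NULL);
        free(t->buf);
        t->buf = nb; t->cap = ncap;
    }
    memcpy(t->buf + t->len, msg, n);
    t->len += n;
    return 0;
}

/* FNV-1a as a stand-in for the real handshake hash (assumption, for brevity). */
static uint32_t fnv1a(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* Constructed sample: mark after the first message, then force a reallocation. */
uint32_t demo_transcript(int *moved, uint32_t *expected) {
    static const uint8_t hello[] = "CHLO", cert[64] = "constructed certificate";
    transcript t = {0};
    if (transcript_append(&t, hello, sizeof hello)) return 0;
    t.mark = t.len;                       /* offset survives the move below */
    if (transcript_append(&t, cert, sizeof cert)) { free(t.buf); return 0; }
    uint32_t h = fnv1a(t.buf + t.mark, t.len - t.mark); /* resolve at use time */
    *moved = t.moved; *expected = fnv1a(cert, sizeof cert);
    free(t.buf);
    return h;
}

int main(void) { int m = 0; uint32_t w = 0; return !(demo_transcript(&m, &w) == w && m); }
```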