[ASA-201803-22] thunderbird: multiple issues
rgacogne at archlinux.org
Sun Mar 25 14:14:26 UTC 2018
Arch Linux Security Advisory ASA-201803-22
Date : 2018-03-24
CVE-ID : CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5144
Package : thunderbird
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-663
The package thunderbird before version 52.7.0-1 is vulnerable to
multiple issues including arbitrary code execution and access
Upgrade to 52.7.0-1.
# pacman -Syu "thunderbird>=52.7.0-1"
The problems have been fixed upstream in version 52.7.0.
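An added example (not part of the advisory): a shell check that the installed thunderbird package is at or above the fixed version 52.7.0-1 named above. The function names are hypothetical and the comparison is a simplified numeric one that assumes no epoch and no non-numeric suffix; on Arch, pacman's own `vercmp` is the authoritative comparator.

```shell
#!/bin/sh
# Fixed package version, taken from the advisory (ASA-201803-22).
FIXED="52.7.0-1"

# cmp_dotted A B: print -1, 0 or 1 for numeric dot-separated versions.
# Assumption: every component is a plain integer (true for thunderbird).
cmp_dotted() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # Drop the component just read; empty the string on the last one.
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}   # a missing component counts as 0
        if [ "$x" -lt "$y" ]; then echo "-1"; return; fi
        if [ "$x" -gt "$y" ]; then echo "1"; return; fi
    done
    echo "0"
}

# is_vulnerable VERSION: succeed if VERSION (pkgver-pkgrel) is older than FIXED.
is_vulnerable() {
    ver=${1%-*}; rel=${1##*-}
    fver=${FIXED%-*}; frel=${FIXED##*-}
    r=$(cmp_dotted "$ver" "$fver")
    # Same upstream version: fall back to comparing the package release.
    [ "$r" -eq 0 ] && r=$(cmp_dotted "$rel" "$frel")
    [ "$r" -lt 0 ]
}

# check_installed: ask pacman for the installed version and report on it.
check_installed() {
    inst=$(pacman -Q thunderbird 2>/dev/null | awk '{print $2}')
    if [ -z "$inst" ]; then echo "thunderbird not installed"; return 0; fi
    if is_vulnerable "$inst"; then
        echo "thunderbird $inst is affected; upgrade to $FIXED or later"
        return 1
    fi
    echo "thunderbird $inst includes the fix"
}

# Run the host check only when asked, e.g.: sh check.sh --check
if [ "${1:-}" = "--check" ]; then check_installed; fi
```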
- CVE-2018-5125 (arbitrary code execution)
Various memory safety bugs have been found in Thunderbird < 52.7.0 and
Firefox < 59.0, some of them presenting evidence of memory corruption.
Mozilla presumes that with enough effort some of these could be
exploited to run arbitrary code.
- CVE-2018-5127 (arbitrary code execution)
A buffer overflow can occur in Thunderbird < 52.7.0 when manipulating
the SVG animatedPathSegList through script. This results in a
potentially exploitable crash.
- CVE-2018-5129 (access restriction bypass)
A lack of parameter validation on IPC messages results in a potential
out-of-bounds write in Thunderbird < 52.7.0, through malformed IPC
messages. This can potentially allow for sandbox escape through memory
corruption in the parent process.
- CVE-2018-5144 (arbitrary code execution)
An integer overflow can occur during conversion of text to some Unicode
character sets in Thunderbird < 52.7.0, due to an unchecked length
- CVE-2018-5145 (arbitrary code execution)
Various memory safety bugs have been found in Thunderbird < 52.7.0,
some of them presenting evidence of memory corruption. Mozilla presumes
that with enough effort some of these could be exploited to run
- CVE-2018-5146 (arbitrary code execution)
An out-of-bounds memory write vulnerability has been discovered in
libvorbis before 1.3.6 while processing Vorbis audio data related to
codebooks that are not an exact divisor of the partition size.
A remote attacker might be able to bypass the sandbox and execute
arbitrary code on the affected host via a crafted page containing an
SVG object, a Vorbis audio file or some Unicode characters. These
issues generally cannot be exploited through email because scripting
is then disabled, but can be exploited in browser-like contexts.