1 |
type: security |
2 |
subject: Updated thunderbird packages fix security vulnerability |
3 |
CVE: |
4 |
- CVE-2017-5400 |
5 |
- CVE-2017-5401 |
6 |
- CVE-2017-5402 |
7 |
- CVE-2017-5404 |
8 |
- CVE-2017-5407 |
9 |
- CVE-2017-5410 |
10 |
- CVE-2017-5408 |
11 |
- CVE-2017-5405 |
12 |
- CVE-2017-5398 |
13 |
src: |
14 |
5: |
15 |
core: |
16 |
- thunderbird-45.8.0-1.mga5 |
17 |
- thunderbird-l10n-45.8.0-1.mga5 |
18 |
description: | |
19 |
JIT-spray targeting asm.js combined with a heap spray allows for a bypass |
20 |
of ASLR and DEP protections leading to potential memory corruption |
21 |
attacks. (CVE-2017-5400) |
22 |
|
23 |
A crash triggerable by web content in which an ErrorResult references |
24 |
unassigned memory due to a logic error. The resulting crash may be |
25 |
exploitable. (CVE-2017-5401) |
26 |
|
27 |
A use-after-free can occur when events are fired for a FontFace object |
28 |
after the object has been already been destroyed while working with fonts. |
29 |
This results in a potentially exploitable crash. (CVE-2017-5402) |
30 |
|
31 |
A use-after-free error can occur when manipulating ranges in selections |
32 |
with one node inside a native anonymous tree and one node outside of it. |
33 |
This results in a potentially exploitable crash. (CVE-2017-5404) |
34 |
|
35 |
Using SVG filters that don't use the fixed point math implementation on a |
36 |
target iframe, a malicious page can extract pixel values from a targeted |
37 |
user. This can be used to extract history information and read text values |
38 |
across domains. This violates same-origin policy and leads to information |
39 |
disclosure. (CVE-2017-5407) |
40 |
|
41 |
Memory corruption resulting in a potentially exploitable crash during |
42 |
garbage collection of JavaScript due errors in how incremental sweeping is |
43 |
managed for memory cleanup. (CVE-2017-5410) |
44 |
|
45 |
Video files loaded video captions cross-origin without checking for the |
46 |
presence of CORS headers permitting such cross-origin use, leading to |
47 |
potential information disclosure for video captions. (CVE-2017-5408) |
48 |
|
49 |
Certain response codes in FTP connections can result in the use of |
50 |
uninitialized values for ports in FTP operations. (CVE-2017-5405) |
51 |
|
52 |
Mozilla developers and community members Boris Zbarsky, Christian Holler, |
53 |
Honza Bambas, Jon Coppeard, Randell Jesup, André Bargull, Kan-Ru Chen, and |
54 |
Nathan Froyd reported memory safety bugs present in Thunderbird 45.7. Some |
55 |
of these bugs showed evidence of memory corruption and we presume that |
56 |
with enough effort that some of these could be exploited to run arbitrary |
57 |
code. (CVE-2017-5398) |
58 |
references: |
59 |
- https://bugs.mageia.org/show_bug.cgi?id=20420 |
60 |
- https://www.mozilla.org/en-US/thunderbird/45.8.0/releasenotes/ |
61 |
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/ |
62 |
ID: MGASA-2017-0082 |