Lucene search

AmazonALAS2-2019-1168

HistoryMar 07, 2019 - 5:55 a.m.

Critical: thunderbird

2019-03-0705:55:00

alas.aws.amazon.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.2%

JSON

Issue Overview:

A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.(CVE-2018-18493)

A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.(CVE-2018-18494)

Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.(CVE-2018-17466)

Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.(CVE-2018-12405)

A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.(CVE-2018-18492)

A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.(CVE-2018-18498)

Affected Packages:

thunderbird

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update thunderbird to update your system.

New Packages:

src:  
    thunderbird-60.5.0-1.amzn2.0.1.src  
  
x86_64:  
    thunderbird-60.5.0-1.amzn2.0.1.x86_64  
    thunderbird-debuginfo-60.5.0-1.amzn2.0.1.x86_64

Additional References

Red Hat: CVE-2018-12405, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498

Mitre: CVE-2018-12405, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498

OSVersionArchitecturePackageVersionFilename
Amazon Linux2x86_64thunderbird< 60.5.0-1.amzn2.0.1thunderbird-60.5.0-1.amzn2.0.1.x86_64.rpm
Amazon Linux2x86_64thunderbird-debuginfo< 60.5.0-1.amzn2.0.1thunderbird-debuginfo-60.5.0-1.amzn2.0.1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	2	x86_64	thunderbird	< 60.5.0-1.amzn2.0.1	thunderbird-60.5.0-1.amzn2.0.1.x86_64.rpm
Amazon Linux	2	x86_64	thunderbird-debuginfo	< 60.5.0-1.amzn2.0.1	thunderbird-debuginfo-60.5.0-1.amzn2.0.1.x86_64.rpm