Severity: Critical Date : 2017-03-10 CVE-ID : CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410 Package : thunderbird Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-193
The package thunderbird before version 45.8.0-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and content spoofing.
Upgrade to 45.8.0-1.
The problems have been fixed upstream in version 45.8.0.
Several memory safety bugs, some of them leading to memory corruption issues have been found in Firefox < 52 and Thunderbird < 45.8.
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.
A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error.
A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts.
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash.
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations.
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure.
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions.
A remote attacker can access sensitive information, force a user to connect to a spoofed FTP port or execute arbitrary code on the affected host.
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5398 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1332550%2C1332597%2C1338383%2C1321612%2C1322971%2C1333568%2C1333887%2C1335450%2C1325052%2C1324379%2C1336510 https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5400 https://bugzilla.mozilla.org/show_bug.cgi?id=1334933 https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5401 https://bugzilla.mozilla.org/show_bug.cgi?id=1328861 https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5402 https://bugzilla.mozilla.org/show_bug.cgi?id=1334876 https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5404 https://bugzilla.mozilla.org/show_bug.cgi?id=1340138 https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5405 https://bugzilla.mozilla.org/show_bug.cgi?id=1336699 https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5407 https://bugzilla.mozilla.org/show_bug.cgi?id=1336622 https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5408 https://bugzilla.mozilla.org/show_bug.cgi?id=1313711 https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5410 https://bugzilla.mozilla.org/show_bug.cgi?id=1330687 https://security.archlinux.org/CVE-2017-5398 https://security.archlinux.org/CVE-2017-5400 https://security.archlinux.org/CVE-2017-5401 https://security.archlinux.org/CVE-2017-5402 https://security.archlinux.org/CVE-2017-5404 https://security.archlinux.org/CVE-2017-5405 https://security.archlinux.org/CVE-2017-5407 https://security.archlinux.org/CVE-2017-5408 https://security.archlinux.org/CVE-2017-5410