[ASA-201710-19] thunderbird: multiple issues

2017-10-12 00:00:00
security.archlinux.org

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.028 Low
Percentile: 90.5%

Arch Linux Security Advisory ASA-201710-19

Severity: Critical
Date : 2017-10-12
CVE-ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814
CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824
Package : thunderbird
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-441

Summary

The package thunderbird before version 52.4.0-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass and cross-site scripting.

Resolution

Upgrade to 52.4.0-1.

pacman -Syu "thunderbird>=52.4.0-1"

The problems have been fixed upstream in version 52.4.0.

Workaround

None.

Description

  • CVE-2017-7793 (arbitrary code execution)

A use-after-free vulnerability can occur in the Fetch API of
Thunderbird < 52.4, when the worker or the associated window is freed
while still in use, resulting in a potentially exploitable crash.

  • CVE-2017-7805 (arbitrary code execution)

A security issue has been found in Thunderbird < 52.4. During TLS 1.2
exchanges, handshake hashes are generated which point to a message
buffer. This saved data is used for later messages but in some cases,
the handshake transcript can exceed the space available in the current
buffer, causing the allocation of a new buffer. This leaves a pointer
pointing to the old, freed buffer, resulting in a use-after-free when
handshake hashes are then calculated afterwards. This can result in a
potentially exploitable crash.

  • CVE-2017-7810 (arbitrary code execution)

Mozilla developers and community members Christoph Diehl, Jan de Mooij,
Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian
Hengst reported memory safety bugs present in Firefox <= 55, Firefox
ESR <= 52.3, and Thunderbird <= 52.3. Some of these bugs showed
evidence of memory corruption and we presume that with enough effort
some of these could be exploited to run arbitrary code.

  • CVE-2017-7814 (access restriction bypass)

A security issue has been found in Thunderbird < 52.4. File downloads
encoded with blob: and data: URL elements bypassed normal file download
checks through the Phishing and Malware Protection feature and its block
lists of suspicious sites and files. This would allow malicious sites
to lure users into downloading executables that would otherwise be
detected as suspicious.

  • CVE-2017-7818 (arbitrary code execution)

A use-after-free vulnerability can occur when manipulating arrays of
Accessible Rich Internet Applications (ARIA) elements within containers
through the DOM, in Thunderbird < 52.4. This results in a potentially
exploitable crash.

  • CVE-2017-7819 (arbitrary code execution)

A use-after-free vulnerability can occur in design mode when image
objects are resized if objects referenced during the resizing have been
freed from memory, in Thunderbird < 52.4. This results in a potentially
exploitable crash.

  • CVE-2017-7823 (cross-site scripting)

The content security policy (CSP) sandbox directive in Thunderbird <
52.4 did not create a unique origin for the document, causing it to
behave as if the allow-same-origin keyword were always specified. This
could allow a Cross-Site Scripting (XSS) attack to be launched from
unsafe content.

  • CVE-2017-7824 (arbitrary code execution)

A buffer overflow occurs when drawing and validating elements with the
ANGLE graphics library, used for WebGL content in Thunderbird < 52.4.
This is due to an incorrect value being passed within the library
during checks and results in a potentially exploitable crash.
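
The stale-pointer pattern described under CVE-2017-7805 above, and one common way to avoid it, shown as an added C example (not NSS, Thunderbird or advisory code): positions in a growable transcript are stored as offsets and resolved against the current buffer at the moment of use. The transcript type, the function names and the sample messages are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable handshake transcript (illustrative, not NSS code). */
typedef struct { uint8_t *data; size_t len, cap; } transcript;

/* Append bytes, growing when space runs out. realloc() may move the block, so
 * a raw pointer saved earlier into t->data would then point at freed memory. */
int transcript_append(transcript *t, const void *msg, size_t n) {
    if (n == 0) return 0;
    if (n > SIZE_MAX - t->len) return -1;        /* length would overflow */
    if (t->len + n > t->cap) {
        size_t ncap = t->cap ? t->cap : 64;
        while (ncap < t->len + n) {
            if (ncap > SIZE_MAX / 2) return -1;
            ncap *= 2;
        }
        uint8_t *p = realloc(t->data, ncap);
        if (!p) return -1;                       /* old buffer is still valid */
        t->data = p; t->cap = ncap;
    }
    memcpy(t->data + t->len, msg, n);
    t->len += n;
    return 0;
}

/* Hardened form: remember a position as an offset, never as a pointer. */
size_t transcript_mark(const transcript *t) { return t->len; }

/* Resolve the offset against the current base at the moment of use. */
const uint8_t *transcript_at(const transcript *t, size_t off, size_t n) {
    if (off > t->len || n > t->len - off) return NULL;
    return t->data + off;
}

/* Constructed scenario: mark a message, force growth, read it back. */
int demo_mark_survives_growth(void) {
    transcript t = {0};
    uint8_t big[4096] = {0};
    int ok = transcript_append(&t, "client_hello", 12) == 0;
    size_t mark = transcript_mark(&t);
    ok = ok && transcript_append(&t, "finished", 8) == 0
            && transcript_append(&t, big, sizeof big) == 0; /* buffer regrows */
    const uint8_t *p = ok ? transcript_at(&t, mark, 8) : NULL;
    ok = p != NULL && memcmp(p, "finished", 8) == 0;
    free(t.data);
    return ok;
}
```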

Impact

A remote attacker can bypass security measures like the phishing and
malware protection or a content security policy, and execute arbitrary
code on the affected host.

References

https://www.mozilla.org/en-US/security/advisories/mfsa2017-23
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7793
https://bugzilla.mozilla.org/show_bug.cgi?id=1371889
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7805
https://bugzilla.mozilla.org/show_bug.cgi?id=1377618
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7810
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1386787%2C1389974%2C1371657%2C1360334%2C1390550%2C1380824%2C1387918%2C1395598
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7814
https://bugzilla.mozilla.org/show_bug.cgi?id=1376036
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7818
https://bugzilla.mozilla.org/show_bug.cgi?id=1363723
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7819
https://bugzilla.mozilla.org/show_bug.cgi?id=1380292
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7823
https://bugzilla.mozilla.org/show_bug.cgi?id=1396320
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7824
https://bugzilla.mozilla.org/show_bug.cgi?id=1398381
https://security.archlinux.org/CVE-2017-7793
https://security.archlinux.org/CVE-2017-7805
https://security.archlinux.org/CVE-2017-7810
https://security.archlinux.org/CVE-2017-7814
https://security.archlinux.org/CVE-2017-7818
https://security.archlinux.org/CVE-2017-7819
https://security.archlinux.org/CVE-2017-7823
https://security.archlinux.org/CVE-2017-7824

OS        | OS Version | Architecture | Package     | Package Version | Filename
ArchLinux | any        | any          | thunderbird | < 52.4.0-1      | UNKNOWN
