ArchLinux: 201703-2: thunderbird: multiple issues
Summary
- CVE-2017-5398 (arbitrary code execution)
Several memory safety bugs, some of them leading to memory corruption
issues have been found in Firefox < 52 and Thunderbird < 45.8.
- CVE-2017-5400 (arbitrary code execution)
JIT-spray targeting asm.js combined with a heap spray allows for a
bypass of ASLR and DEP protections leading to potential memory
corruption attacks.
- CVE-2017-5401 (arbitrary code execution)
A crash triggerable by web content in which an ErrorResult references
unassigned memory due to a logic error.
- CVE-2017-5402 (arbitrary code execution)
A use-after-free can occur when events are fired for a FontFace object
after the object has been already been destroyed while working with
fonts.
- CVE-2017-5404 (arbitrary code execution)
A use-after-free error can occur when manipulating ranges in selections
with one node inside a native anonymous tree and one node outside of
it. This results in a potentially exploitable crash.
- CVE-2017-5405 (content spoofing)
Certain response codes in FTP connections can result in the use of
uninitialized values for ports in FTP operations.
- CVE-2017-5407 (information disclosure)
Using SVG filters that don't use the fixed point math implementation on
a target iframe, a malicious page can extract pixel values from a
targeted user. This can be used to extract history information and read
text values across domains. This violates same-origin policy and leads
to information disclosure.
- CVE-2017-5408 (information disclosure)
Video files loaded video captions cross-origin without checking for the
presence of CORS headers permitting such cross-origin use, leading to
potential information disclosure for video captions.
- CVE-2017-5410 (arbitrary code execution)
Memory corruption resulting in a potentially exploitable crash during
garbage collection of JavaScript due errors in how incremental sweeping
is managed for memory cleanup.
Resolution
Upgrade to 45.8.0-1.
# pacman -Syu "thunderbird>=45.8.0-1"
The problems have been fixed upstream in version 45.8.0.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5398 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1332550%2C1332597%2C1338383%2C1321612%2C1322971%2C1333568%2C1333887%2C1335450%2C1325052%2C1324379%2C1336510 https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5400 https://bugzilla.mozilla.org/show_bug.cgi?id=1334933 https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5401 https://bugzilla.mozilla.org/show_bug.cgi?id=1328861 https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5402 https://bugzilla.mozilla.org/show_bug.cgi?id=1334876 https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5404 https://bugzilla.mozilla.org/show_bug.cgi?id=1340138 https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5405 https://bugzilla.mozilla.org/show_bug.cgi?id=1336699 https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5407 https://bugzilla.mozilla.org/show_bug.cgi?id=1336622 https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5408 https://bugzilla.mozilla.org/show_bug.cgi?id=1313711 https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5410 https://bugzilla.mozilla.org/show_bug.cgi?id=1330687 https://security.archlinux.org/CVE-2017-5398 https://security.archlinux.org/CVE-2017-5400 https://security.archlinux.org/CVE-2017-5401 https://security.archlinux.org/CVE-2017-5402 https://security.archlinux.org/CVE-2017-5404 https://security.archlinux.org/CVE-2017-5405 https://security.archlinux.org/CVE-2017-5407 https://security.archlinux.org/CVE-2017-5408 https://security.archlinux.org/CVE-2017-5410
Workaround
None.