
Arch Linux Security Advisory ASA-201703-2
=========================================
Severity: Critical
Date    : 2017-03-10
CVE-ID  : CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402
          CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408
          CVE-2017-5410
Package : thunderbird
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-193

Summary
=======
The package thunderbird before version 45.8.0-1 is vulnerable to
multiple issues including arbitrary code execution, information
disclosure and content spoofing.

Resolution
==========
Upgrade to 45.8.0-1.

# pacman -Syu "thunderbird>=45.8.0-1"

The problems have been fixed upstream in version 45.8.0.
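
Added example (not part of the Arch advisory): a shell check that flags hosts still running a thunderbird package older than the fixed 45.8.0-1. The "host package version" inventory format and the host names are constructed for illustration; the comparison uses pacman's vercmp when it is installed and otherwise falls back to GNU sort -V, which approximates it and ignores epochs.

```sh
#!/bin/sh
# Added example: find hosts whose thunderbird predates the advisory's fix.
FIXED="45.8.0-1"   # fixed package version stated in the advisory

# Compare two package versions; prints -1, 0 or 1 like vercmp(8).
ver_cmp() {
    if command -v vercmp >/dev/null 2>&1; then
        vercmp "$1" "$2"
        return
    fi
    # Fallback (assumption: GNU sort). Approximation only, no epoch support.
    [ "$1" = "$2" ] && { echo 0; return; }
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    if [ "$first" = "$1" ]; then echo -1; else echo 1; fi
}

# Exit status 0 when the given installed version is older than FIXED.
is_vulnerable() {
    [ "$(ver_cmp "$1" "$FIXED")" = "-1" ]
}

# Reads "host package version" lines on stdin and prints each host
# that still needs the thunderbird upgrade.
vulnerable_hosts() {
    while read -r host pkg ver; do
        [ "$pkg" = "thunderbird" ] || continue
        if is_vulnerable "$ver"; then echo "$host"; fi
    done
}

# Constructed inventory, e.g. `pacman -Q` output prefixed with a host name.
sample_inventory() {
    cat <<'EOF'
mail-ws01 thunderbird 45.7.1-1
mail-ws02 thunderbird 45.8.0-1
dev-ws03 firefox 51.0.1-1
mail-ws04 thunderbird 52.0-1
mail-ws05 thunderbird 45.6.0-2
EOF
}

sample_inventory | vulnerable_hosts
```

On a single Arch host, the installed version to pass to `is_vulnerable` is the second field of `pacman -Q thunderbird`.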

Workaround
==========
None.

Description
===========
- CVE-2017-5398 (arbitrary code execution)

Several memory safety bugs, some of them leading to memory corruption
issues, have been found in Firefox < 52 and Thunderbird < 45.8.

- CVE-2017-5400 (arbitrary code execution)

JIT-spray targeting asm.js combined with a heap spray allows for a
bypass of ASLR and DEP protections leading to potential memory
corruption attacks.

- CVE-2017-5401 (arbitrary code execution)

A crash triggerable by web content in which an ErrorResult references
unassigned memory due to a logic error.

- CVE-2017-5402 (arbitrary code execution)

A use-after-free can occur when events are fired for a FontFace object
after the object has already been destroyed while working with
fonts.

- CVE-2017-5404 (arbitrary code execution)

A use-after-free error can occur when manipulating ranges in selections
with one node inside a native anonymous tree and one node outside of
it. This results in a potentially exploitable crash.

- CVE-2017-5405 (content spoofing)

Certain response codes in FTP connections can result in the use of
uninitialized values for ports in FTP operations.

- CVE-2017-5407 (information disclosure)

Using SVG filters that don't use the fixed point math implementation on
a target iframe, a malicious page can extract pixel values from a
targeted user. This can be used to extract history information and read
text values across domains. This violates same-origin policy and leads
to information disclosure.

- CVE-2017-5408 (information disclosure)

Video files loaded video captions cross-origin without checking for the
presence of CORS headers permitting such cross-origin use, leading to
potential information disclosure for video captions.

- CVE-2017-5410 (arbitrary code execution)

Memory corruption resulting in a potentially exploitable crash during
garbage collection of JavaScript due to errors in how incremental
sweeping is managed for memory cleanup.

Impact
======
A remote attacker can access sensitive information, force a user to
connect to a spoofed FTP port or execute arbitrary code on the affected
host.

References
==========
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5398
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1332550%2C1332597%2C1338383%2C1321612%2C1322971%2C1333568%2C1333887%2C1335450%2C1325052%2C1324379%2C1336510
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5400
https://bugzilla.mozilla.org/show_bug.cgi?id=1334933
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5401
https://bugzilla.mozilla.org/show_bug.cgi?id=1328861
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5402
https://bugzilla.mozilla.org/show_bug.cgi?id=1334876
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5404
https://bugzilla.mozilla.org/show_bug.cgi?id=1340138
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5405
https://bugzilla.mozilla.org/show_bug.cgi?id=1336699
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5407
https://bugzilla.mozilla.org/show_bug.cgi?id=1336622
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5408
https://bugzilla.mozilla.org/show_bug.cgi?id=1313711
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5410
https://bugzilla.mozilla.org/show_bug.cgi?id=1330687
https://security.archlinux.org/CVE-2017-5398
https://security.archlinux.org/CVE-2017-5400
https://security.archlinux.org/CVE-2017-5401
https://security.archlinux.org/CVE-2017-5402
https://security.archlinux.org/CVE-2017-5404
https://security.archlinux.org/CVE-2017-5405
https://security.archlinux.org/CVE-2017-5407
https://security.archlinux.org/CVE-2017-5408
https://security.archlinux.org/CVE-2017-5410
