ArchLinux: 201810-13: thunderbird: multiple issues
Summary
- CVE-2018-12376 (arbitrary code execution)
Several memory safety bugs have been found in Thunderbird versions
prior to 60.2.1.
- CVE-2018-12377 (arbitrary code execution)
A use-after-free vulnerability has been found in Thunderbird versions
prior to 60.2.1, which can occur when refresh driver timers are
refreshed in some circumstances during shutdown when the timer is
deleted while still in use. This results in a potentially exploitable
crash.
- CVE-2018-12378 (arbitrary code execution)
A use-after-free vulnerability has been found in Thunderbird versions
prior to 60.2.1, which can occur when an IndexedDB index is deleted
while still in use by JavaScript code that is providing payload values
to be stored. This results in a potentially exploitable crash.
- CVE-2018-12379 (arbitrary code execution)
A security issue has been found in Thunderbird versions prior to
60.2.1. When the Mozilla Updater opens a MAR format file which contains
a very long item filename, an out-of-bounds write can be triggered,
leading to a potentially exploitable crash. This requires running the
Mozilla Updater manually on the local system with the malicious MAR
file in order to occur.
- CVE-2018-12383 (information disclosure)
A security issue has been found in Thunderbird versions prior to
60.2.1. If a user saved passwords before the move to a new password
format and then later set a master password, an unencrypted copy of
these passwords is still accessible. This is because the older stored
password file was not deleted when the data was copied to a new format.
The new master password is added only on the new file. This could allow
the exposure of stored password data outside of user expectations.
- CVE-2018-12385 (arbitrary code execution)
A security issue has been found in Thunderbird versions prior to
60.2.1. A potentially exploitable crash in TransportSecurityInfo used
for SSL can be triggered by data stored in the local cache in the user
profile directory. This issue is only exploitable in combination with
another vulnerability allowing an attacker to write data into the local
cache or from locally installed malware.
Resolution
Upgrade to 60.2.1-1.
# pacman -Syu "thunderbird>=60.2.1-1"
The problems have been fixed upstream in version 60.2.1.
References
https://bugs.archlinux.org/task/60424 https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12376 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1469309%2C1469914%2C1450989%2C1480092%2C1480517%2C1481093%2C1478575%2C1471953%2C1473161%2C1466991%2C1468738%2C1483120%2C1467363%2C1472925%2C1466577%2C1467889%2C1480521%2C1478849 https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12377 https://bugzilla.mozilla.org/show_bug.cgi?id=1470260 https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12378 https://bugzilla.mozilla.org/show_bug.cgi?id=1459383 https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12379 https://bugzilla.mozilla.org/show_bug.cgi?id=1473113 https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12383 https://bugzilla.mozilla.org/show_bug.cgi?id=1475775 https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12385 https://bugzilla.mozilla.org/show_bug.cgi?id=1490585 https://security.archlinux.org/CVE-2018-12376 https://security.archlinux.org/CVE-2018-12377 https://security.archlinux.org/CVE-2018-12378 https://security.archlinux.org/CVE-2018-12379 https://security.archlinux.org/CVE-2018-12383 https://security.archlinux.org/CVE-2018-12385
Workaround
None.