ArchLinux: 201905-8: thunderbird: multiple issues

    Date 28 May 2019
    Posted By LinuxSecurity Advisories
    The package thunderbird before version 60.7.0-1 is vulnerable to multiple issues including arbitrary code execution, access restriction bypass, same-origin policy bypass, information disclosure and denial of service.
    Arch Linux Security Advisory ASA-201905-8
    =========================================
    
    Severity: Critical
    Date    : 2019-05-23
    CVE-ID  : CVE-2019-5798  CVE-2019-7317  CVE-2019-9800  CVE-2019-9816
              CVE-2019-9817  CVE-2019-9819  CVE-2019-11691 CVE-2019-11692
              CVE-2019-11693 CVE-2019-11698 CVE-2019-18511
    Package : thunderbird
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-965
    
    Summary
    =======
    
    The package thunderbird before version 60.7.0-1 is vulnerable to
    multiple issues including arbitrary code execution, access restriction
    bypass, same-origin policy bypass, information disclosure and denial of
    service.
    
    Resolution
    ==========
    
    Upgrade to 60.7.0-1.
    
    # pacman -Syu "thunderbird>=60.7.0-1"
    
    The problems have been fixed upstream in version 60.7.0.
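To confirm the upgrade across several machines, the check below is an added example, not part of the Arch advisory: it classifies collected `pacman -Q thunderbird` output against the fixed version 60.7.0-1. The hostnames and inventory lines are constructed, and the comparison handles only plain numeric `epoch:pkgver-pkgrel` strings; anything else is reported as `unknown` so it can be checked with pacman's own `vercmp`.

```python
import re

FIXED = "60.7.0-1"  # first fixed thunderbird build named in the advisory

def _ints(s):
    return tuple(int(p) for p in s.split("."))

def parse(ver):
    """Parse 'epoch:pkgver-pkgrel' into (epoch, pkgver tuple, pkgrel tuple or None)."""
    m = re.fullmatch(r"(?:(\d+):)?(\d+(?:\.\d+)*)(?:-(\d+(?:\.\d+)*))?", ver)
    if not m:
        raise ValueError(f"not a plain numeric version: {ver!r}")
    epoch, pkgver, pkgrel = m.groups()
    return int(epoch or 0), _ints(pkgver), _ints(pkgrel) if pkgrel else None

def is_fixed(installed, fixed=FIXED):
    """True when installed >= fixed; pkgrel is compared only if both have one."""
    (e1, v1, r1), (e2, v2, r2) = parse(installed), parse(fixed)
    if (e1, v1) != (e2, v2):
        return (e1, v1) > (e2, v2)  # numeric compare, so 60.10.0 > 60.7.0
    return r1 is None or r2 is None or r1 >= r2

def audit(inventory, package="thunderbird"):
    """Classify hosts from '<host> <name> <version>' lines."""
    report = {}
    for line in inventory.strip().splitlines():
        host, name, ver = line.split()
        if name != package:
            continue
        try:
            report[host] = "fixed" if is_fixed(ver) else "vulnerable"
        except ValueError:
            report[host] = "unknown"  # fail closed: verify with vercmp by hand
    return report

# Constructed inventory: "<host> <pacman -Q output>"; hostnames are made up.
SAMPLE = """
mail-01 thunderbird 60.6.1-1
mail-02 thunderbird 60.7.0-1
desk-07 thunderbird 60.7.0-2
desk-09 thunderbird 52.9.1-3
desk-11 thunderbird 60.10.0-1
lab-03  thunderbird 68.0b1-1
lab-04  firefox 66.0.5-1
"""

if __name__ == "__main__":
    for host, state in audit(SAMPLE).items():
        print(f"{host}: {state}")
```
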
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-5798 (information disclosure)
    
    An out-of-bounds read has been found in the Skia component of the
    chromium browser before 73.0.3683.75 and Thunderbird before 60.7.0.
    
    - CVE-2019-7317 (denial of service)
    
    png_image_free in png.c in libpng 1.6.36 has a use-after-free because
    png_image_free_function is called under png_safe_execute.
    
    - CVE-2019-9800 (arbitrary code execution)
    
    Several memory safety bugs have been found in Firefox before 67.0 and
    Thunderbird before 60.7.0. Some of these bugs showed evidence of memory
    corruption and Mozilla presumes that with enough effort some of these
    could be exploited to run arbitrary code.
    
    - CVE-2019-9816 (access restriction bypass)
    
    A possible vulnerability exists in Firefox before 67.0 and Thunderbird
    before 60.7.0, where type confusion can occur when manipulating
    JavaScript objects in object groups, allowing for the bypassing of
    security checks within these groups. Note that this vulnerability has
    only been demonstrated with UnboxedObjects, which are disabled by
    default on all supported releases.
    
    - CVE-2019-9817 (same-origin policy bypass)
    
    In Firefox before 67.0 and Thunderbird before 60.7.0, images from a
    different domain can be read using a canvas object in some
    circumstances. This could be used to steal image data from a different
    site in violation of same-origin policy.
    
    - CVE-2019-9819 (arbitrary code execution)
    
    A JavaScript compartment mismatch can occur in Firefox before 67.0 and
    Thunderbird before 60.7.0 while working with the fetch API, resulting
    in a potentially exploitable crash.
    
    - CVE-2019-11691 (arbitrary code execution)
    
    A use-after-free vulnerability can occur in Firefox before 67.0 and
    Thunderbird before 60.7.0, when working with XMLHttpRequest (XHR) in an
    event loop, causing the XHR main thread to be called after it has been
    freed. This results in a potentially exploitable crash.
    
    - CVE-2019-11692 (arbitrary code execution)
    
    A use-after-free vulnerability can occur in Firefox before 67.0 and
    Thunderbird before 60.7.0, when listeners are removed from the event
    listener manager while still in use, resulting in a potentially
    exploitable crash.
    
    - CVE-2019-11693 (arbitrary code execution)
    
    The bufferdata function in WebGL in Firefox before 67.0 and Thunderbird
    before 60.7.0 is vulnerable to a buffer overflow with specific graphics
    drivers on Linux. This could result in malicious content freezing a tab
    or triggering a potentially exploitable crash.
    
    - CVE-2019-11698 (information disclosure)
    
    If a crafted hyperlink is dragged and dropped to the bookmark bar or
    sidebar in Firefox before 67.0 or Thunderbird before 60.7.0, and the
    resulting bookmark is subsequently dragged and dropped into the web
    content area, an arbitrary query of a user's browser history can be run
    and transmitted to the content page via drop event data. This allows
    for the theft of browser history by a malicious site.
    
    - CVE-2019-18511 (same-origin policy bypass)
    
    An issue has been found in Thunderbird before 60.7.0, where
    cross-origin images can be read from a canvas element in violation of
    the same-origin policy using the transferFromImageBitmap method.
    
    Impact
    ======
    
    A remote attacker can crash Thunderbird, access sensitive information,
    bypass security measures or execute arbitrary code on the affected
    host.
    
    References
    ==========
    
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/
    https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-5798
    https://bugs.chromium.org/p/chromium/issues/detail?id=883596
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
    https://github.com/glennrp/libpng/issues/275
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9800
    https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540166%2C1534593%2C1546327%2C1540136%2C1538736%2C1538042%2C1535612%2C1499719%2C1499108%2C1538619%2C1535194%2C1516325%2C1542324%2C1542097%2C1532465%2C1533554%2C1541580
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9816
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9816
    https://bugzilla.mozilla.org/show_bug.cgi?id=1536768
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9817
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9817
    https://bugzilla.mozilla.org/show_bug.cgi?id=1540221
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9819
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9819
    https://bugzilla.mozilla.org/show_bug.cgi?id=1532553
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11691
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11691
    https://bugzilla.mozilla.org/show_bug.cgi?id=1542465
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11692
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11692
    https://bugzilla.mozilla.org/show_bug.cgi?id=1544670
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11693
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11693
    https://bugzilla.mozilla.org/show_bug.cgi?id=1532525
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11698
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11698
    https://bugzilla.mozilla.org/show_bug.cgi?id=1543191
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2018-18511
    https://bugzilla.mozilla.org/show_bug.cgi?id=1526218
    https://security.archlinux.org/CVE-2019-5798
    https://security.archlinux.org/CVE-2019-7317
    https://security.archlinux.org/CVE-2019-9800
    https://security.archlinux.org/CVE-2019-9816
    https://security.archlinux.org/CVE-2019-9817
    https://security.archlinux.org/CVE-2019-9819
    https://security.archlinux.org/CVE-2019-11691
    https://security.archlinux.org/CVE-2019-11692
    https://security.archlinux.org/CVE-2019-11693
    https://security.archlinux.org/CVE-2019-11698
    https://security.archlinux.org/CVE-2019-18511
    
    
