ArchLinux: 201910-15: thunderbird: multiple issues

    Date: 28 Oct 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package thunderbird before version 68.2.0-1 is vulnerable to multiple issues including arbitrary code execution, access restriction bypass, denial of service, insufficient validation and same-origin policy bypass.
    Arch Linux Security Advisory ASA-201910-15
    ==========================================
    
    Severity: Critical
    Date    : 2019-10-26
    CVE-ID  : CVE-2019-11757 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761
              CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903
    Package : thunderbird
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1054
    
    Summary
    =======
    
    The package thunderbird before version 68.2.0-1 is vulnerable to
    multiple issues including arbitrary code execution, access restriction
    bypass, denial of service, insufficient validation and same-origin
    policy bypass.
    
    Resolution
    ==========
    
    Upgrade to 68.2.0-1.
    
    # pacman -Syu "thunderbird>=68.2.0-1"
    
    The problems have been fixed upstream in version 68.2.0.
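
An added example (not part of the Arch advisory): a POSIX shell check that flags hosts whose thunderbird package is older than the fixed 68.2.0-1. The inventory lines and host names are constructed, and `sort -V` is assumed here as an approximation of pacman's version ordering; on an Arch host, `vercmp` is the authoritative comparison.

```shell
#!/bin/sh
# Added example: find thunderbird installs older than the fixed release.
FIXED="68.2.0-1"   # fixed package version stated in this advisory

# Print the epoch of an "[epoch:]pkgver-pkgrel" string (0 when absent).
epoch_of() {
    case "$1" in
        *:*) printf '%s\n' "${1%%:*}" ;;
        *)   printf '0\n' ;;
    esac
}

# Return 0 if version $1 is strictly older than version $2.
# Assumption: sort -V approximates pacman ordering for plain numeric versions.
ver_lt() {
    e1=$(epoch_of "$1"); e2=$(epoch_of "$2")
    r1=${1#*:}; r2=${2#*:}          # version without the epoch prefix
    if [ "$e1" -ne "$e2" ]; then
        [ "$e1" -lt "$e2" ]; return
    fi
    [ "$r1" = "$r2" ] && return 1   # equal versions are not "older"
    [ "$(printf '%s\n%s\n' "$r1" "$r2" | sort -V | head -n 1)" = "$r1" ]
}

# Read "host package version" lines on stdin and print every host whose
# thunderbird package predates $FIXED. Other packages are ignored.
vulnerable_hosts() {
    while read -r host pkg ver; do
        [ "$pkg" = "thunderbird" ] || continue
        if ver_lt "$ver" "$FIXED"; then
            printf '%s\n' "$host"
        fi
    done
}

# Constructed sample inventory, in the shape of `pacman -Q` output
# prefixed with a (hypothetical) host name.
SAMPLE='ws01 thunderbird 68.1.2-1
ws02 thunderbird 68.2.0-1
ws03 thunderbird 60.9.0-2
ws04 firefox 69.0.3-1
ws05 thunderbird 68.10.0-1'

printf '%s\n' "$SAMPLE" | vulnerable_hosts
```
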
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-11757 (arbitrary code execution)
    
    A use-after-free issue has been found in the IndexedDB component of
    Firefox before 70.0 and Thunderbird before 68.2. When storing a value
    in IndexedDB, the value's prototype chain is followed and it was
    possible to retain a reference to a locale, delete it, and subsequently
    reference it.
    
    - CVE-2019-11759 (arbitrary code execution)
    
    A stack-based buffer overflow has been found in the HKDF output of
    Firefox before 70.0 and Thunderbird before 68.2. An attacker could have
    caused 4 bytes of HMAC output to be written past the end of a buffer
    stored on the stack.
    
    - CVE-2019-11760 (arbitrary code execution)
    
    A fixed-size stack buffer overflow has been found in nrappkit, in the
    WebRTC signaling code of Firefox before 70.0 and Thunderbird before
    68.2.
    
    - CVE-2019-11761 (access restriction bypass)
    
    An issue has been found in Firefox before 70.0 and Thunderbird before
    68.2, where by using a form with a data URI it was possible to gain
    access to the privileged JSONView object that had been cloned into
    content. Impact from exposing this object appears to be minimal,
    however it was a bypass of existing defense in depth mechanisms.
    
    - CVE-2019-11762 (same-origin policy bypass)
    
    A same-origin policy bypass has been found in Firefox before 70.0 and
    Thunderbird before 68.2 where, if two same-origin documents set
    document.domain differently to become cross-origin, it was possible for
    them to call arbitrary DOM methods/getters/setters on the now-cross-
    origin window.
    
    - CVE-2019-11763 (insufficient validation)
    
    An issue has been found in Firefox before 70.0 and Thunderbird before
    68.2, where failure to correctly handle null bytes when processing HTML
    entities resulted in incorrectly parsing these entities. This could
    have led to HTML comment text being treated as HTML which could have
    led to XSS in a web application under certain conditions. It could have
    also led to HTML entities being masked from filters, enabling the use
    of entities to mask the actual characters of interest from filters.
    
    - CVE-2019-11764 (arbitrary code execution)
    
    Several memory safety bugs have been found in Firefox before 70.0 and
    Thunderbird before 68.2. Some of these bugs showed evidence of memory
    corruption and Mozilla presumes that with enough effort some of these
    could be exploited to run arbitrary code.
    
    - CVE-2019-15903 (denial of service)
    
    A security issue has been found in libexpat before 2.2.8, where crafted
    XML input could fool the parser into changing from DTD parsing to
    document parsing too early; a consecutive call to
    XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted
    in a heap-based buffer over-read.
    
    Impact
    ======
    
    A remote attacker could crash Thunderbird, bypass security measures or
    execute arbitrary code.
    
    References
    ==========
    
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11757
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11757
    https://bugzilla.mozilla.org/show_bug.cgi?id=1577107
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11759
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11759
    https://bugzilla.mozilla.org/show_bug.cgi?id=1577953
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11760
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11760
    https://bugzilla.mozilla.org/show_bug.cgi?id=1577719
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11761
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11761
    https://bugzilla.mozilla.org/show_bug.cgi?id=1561502
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11762
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11762
    https://bugzilla.mozilla.org/show_bug.cgi?id=1582857
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11763
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11763
    https://bugzilla.mozilla.org/show_bug.cgi?id=1584216
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11764
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11764
    https://bugzilla.mozilla.org/buglist.cgi?bug_id=1558522%2C1577061%2C1548044%2C1571223%2C1573048%2C1578933%2C1575217%2C1583684%2C1586845%2C1581950%2C1583463%2C1586599
    https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
    https://crbug.com/1004341
    https://github.com/libexpat/libexpat/issues/317
    https://github.com/libexpat/libexpat/pull/318
    https://security.archlinux.org/CVE-2019-11757
    https://security.archlinux.org/CVE-2019-11759
    https://security.archlinux.org/CVE-2019-11760
    https://security.archlinux.org/CVE-2019-11761
    https://security.archlinux.org/CVE-2019-11762
    https://security.archlinux.org/CVE-2019-11763
    https://security.archlinux.org/CVE-2019-11764
    https://security.archlinux.org/CVE-2019-15903
    
    