ArchLinux: 201912-2: thunderbird: arbitrary code execution

    Date10 Dec 2019
    CategoryArchLinux
    147
    Posted ByLinuxSecurity Advisories
    The package thunderbird before version 68.3.0-1 is vulnerable to arbitrary code execution.
    Arch Linux Security Advisory ASA-201912-2
    =========================================
    
    Severity: Critical
    Date    : 2019-12-06
    CVE-ID  : CVE-2019-11745 CVE-2019-17005 CVE-2019-17008 CVE-2019-17010
              CVE-2019-17011 CVE-2019-17012
    Package : thunderbird
    Type    : arbitrary code execution
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1072
    
    Summary
    =======
    
    The package thunderbird before version 68.3.0-1 is vulnerable to
    arbitrary code execution.
    
    Resolution
    ==========
    
    Upgrade to 68.3.0-1.
    
    # pacman -Syu "thunderbird>=68.3.0-1"
    
    The problems have been fixed upstream in version 68.3.0.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-11745 (arbitrary code execution)
    
    An out-of-bounds write vulnerability has been found in the NSS
    component of Firefox before 71.0 and Thunderbird before 68.3. When
    encrypting with a block cipher, if a call to NSC_EncryptUpdate was made
    with data smaller than the block size, a small out of bounds write
    could occur. This could have caused heap corruption and a potentially
    exploitable crash.
    
    - CVE-2019-17005 (arbitrary code execution)
    
    An out-of-bounds write vulnerability has been found in Firefox before
    71.0 and Thunderbird before 68.3 where the plain text serializer used a
    fixed-size array for the number of elements it could process; however
    it was possible to overflow the static-sized array leading to memory
    corruption and a potentially exploitable crash.
    
    - CVE-2019-17008 (arbitrary code execution)
    
    A use-after-free vulnerability has been found in Firefox before 71.0
    and Thunderbird before 68.3. When using nested workers, a use-after-
    free could occur during worker destruction. This resulted in a
    potentially exploitable crash.
    
    - CVE-2019-17010 (arbitrary code execution)
    
    A use-after-free vulnerability has been found in Firefox before 71.0
    and Thunderbird before 68.3. Under certain conditions, when checking
    the Resist Fingerprinting preference during device orientation checks,
    a race condition could have caused a use-after-free and a potentially
    exploitable crash.
    
    - CVE-2019-17011 (arbitrary code execution)
    
    A use-after-free vulnerability has been found in Firefox before 71.0
    and Thunderbird before 68.3. Under certain conditions, when retrieving
    a document from a DocShell in the antitracking code, a race condition
    could cause a use-after-free condition and a potentially exploitable
    crash.
    
    - CVE-2019-17012 (arbitrary code execution)
    
    Several memory safety bugs have been found in Firefox before 71.0 and
    Thunderbird before 68.3. Some of these bugs showed evidence of memory
    corruption and Mozilla presumes that with enough effort some of these
    could have been exploited to run arbitrary code.
    
    Impact
    ======
    
    A remote attacker can execute arbitrary code on the affected host.
    
    References
    ==========
    
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11745
    https://bugzilla.mozilla.org/show_bug.cgi?id=1586176
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17005
    https://bugzilla.mozilla.org/show_bug.cgi?id=1584170
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17008
    https://bugzilla.mozilla.org/show_bug.cgi?id=1546331
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17010
    https://bugzilla.mozilla.org/show_bug.cgi?id=1581084
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17011
    https://bugzilla.mozilla.org/show_bug.cgi?id=1591334
    https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17012
    https://bugzilla.mozilla.org/buglist.cgi?bug_id=1449736%2C1533957%2C1560667%2C1567209%2C1580288%2C1585760%2C1592502
    https://security.archlinux.org/CVE-2019-11745
    https://security.archlinux.org/CVE-2019-17005
    https://security.archlinux.org/CVE-2019-17008
    https://security.archlinux.org/CVE-2019-17010
    https://security.archlinux.org/CVE-2019-17011
    https://security.archlinux.org/CVE-2019-17012
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"5","type":"x","order":"1","pct":100,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"0","type":"x","order":"3","pct":0,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.