ArchLinux: 202003-11: thunderbird: multiple issues

    Date16 Mar 2020
    101
    Posted ByLinuxSecurity Advisories
    The package thunderbird before version 68.6.0-1 is vulnerable to multiple issues including arbitrary code execution, arbitrary command execution and information disclosure.
    Arch Linux Security Advisory ASA-202003-11
    ==========================================
    
    Severity: Critical
    Date    : 2020-03-16
    CVE-ID  : CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807
              CVE-2020-6811  CVE-2020-6812 CVE-2020-6814
    Package : thunderbird
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1115
    
    Summary
    =======
    
    The package thunderbird before version 68.6.0-1 is vulnerable to
    multiple issues including arbitrary code execution, arbitrary command
    execution and information disclosure.
    
    Resolution
    ==========
    
    Upgrade to 68.6.0-1.
    
    # pacman -Syu "thunderbird>=68.6.0-1"
    
    The problems have been fixed upstream in version 68.6.0.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-20503 (information disclosure)
    
    An out-of-bounds read has been found in Firefox before 74 and
    Thunderbird before 68.6. The inputs to sctp_load_addresses_from_init
    are verified by sctp_arethere_unrecognized_parameters; however, the two
    functions handled parameter bounds differently, resulting in out of
    bounds reads when parameters are partially outside a chunk.
    
    - CVE-2020-6805 (arbitrary code execution)
    
    A use-after-free issue has been found in Firefox before 74 and
    Thunderbird before 68.6. When removing data about an origin whose tab
    was recently closed, a use-after-free could occur in the Quota manager,
    resulting in a potentially exploitable crash.
    
    - CVE-2020-6806 (arbitrary code execution)
    
    A state confusion issue has been found in Firefox before 74 and
    Thunderbird before 68.6, in BodyStream::OnInputStreamReady. By
    carefully crafting promise resolutions, it was possible to cause an
    out-of-bounds read off the end of an array resized during script
    execution. This could have led to memory corruption and a potentially
    exploitable crash.
    
    - CVE-2020-6807 (arbitrary code execution)
    
    A use-after-free issue has been found in Firefox before 74 and
    Thunderbird before 68.6, in cubeb  during stream destruction. When a
    device was changed while a stream was about to be destroyed, the
    stream-reinit task may have been executed after the stream was
    destroyed, causing a use-after-free and a potentially exploitable
    crash.
    
    - CVE-2020-6811 (arbitrary command execution)
    
    A security issue has been found in Firefox before 74 and Thunderbird
    before 68.6, where the 'Copy as cURL' feature of Devtools' network tab
    did not properly escape the HTTP method of a request, which can be
    controlled by the website. If a user used the 'Copy as Curl' feature
    and pasted the command into a terminal, it could have resulted in
    command injection and arbitrary command execution.
    
    - CVE-2020-6812 (information disclosure)
    
    An information disclosure issue has been found in Firefox before 74 and
    Thunderbird before 68.6. The first time AirPods are connected to an
    iPhone, they become named after the user's name by default (e.g. Jane
    Doe's AirPods.) Websites with camera or microphone permission are able
    to enumerate device names, disclosing the user's name. To resolve this
    issue, Firefox added a special case that renames devices containing the
    substring 'AirPods' to simply 'AirPods'.
    
    - CVE-2020-6814 (arbitrary code execution)
    
    Several memory safety and script safety bugs have been found in Firefox
    before 74, Firefox ESR before 68.6 and Thunderbird before 68.6. Some of
    these bugs showed evidence of memory corruption or escalation of
    privilege and Mozilla presumes that with enough effort some of these
    could have been exploited to run arbitrary code.
    
    Impact
    ======
    
    A remote attacker can access sensitive information and execute
    arbitrary commands and code on the affected host.
    
    References
    ==========
    
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2019-20503
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2019-20503
    https://bugzilla.mozilla.org/show_bug.cgi?id=1613765
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6805
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6805
    https://bugzilla.mozilla.org/show_bug.cgi?id=1610880
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6806
    https://bugzilla.mozilla.org/show_bug.cgi?id=1612308
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6807
    https://bugzilla.mozilla.org/show_bug.cgi?id=1614971
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6811
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6811
    https://bugzilla.mozilla.org/show_bug.cgi?id=1607742
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6812
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6812
    https://bugzilla.mozilla.org/show_bug.cgi?id=1616661
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6814
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6814
    https://bugzilla.mozilla.org/buglist.cgi?bug_id=1592078%2C1604847%2C1608256%2C1612636%2C1614339
    https://security.archlinux.org/CVE-2019-20503
    https://security.archlinux.org/CVE-2020-6805
    https://security.archlinux.org/CVE-2020-6806
    https://security.archlinux.org/CVE-2020-6807
    https://security.archlinux.org/CVE-2020-6811
    https://security.archlinux.org/CVE-2020-6812
    https://security.archlinux.org/CVE-2020-6814
    
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"48","type":"x","order":"1","pct":88.89,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"4","type":"x","order":"2","pct":7.41,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"2","type":"x","order":"3","pct":3.7,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.