Arch Linux Security Advisory ASA-202012-23
=========================================
Severity: High
Date    : 2020-12-16
CVE-ID  : CVE-2020-16042 CVE-2020-26970 CVE-2020-26971 CVE-2020-26973
          CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35113
Package : thunderbird
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1315

Summary
======
The package thunderbird before version 78.6.0-1 is vulnerable to
multiple issues including arbitrary code execution, content spoofing
and information disclosure.

Resolution
=========
Upgrade to 78.6.0-1.

# pacman -Syu "thunderbird>=78.6.0-1"

The problems have been fixed upstream in version 78.6.0.

Workaround
=========
None.

Description
==========
- CVE-2020-16042 (information disclosure)

An uninitialized use security issue has been found in the V8 component
of the chromium browser before version 87.0.4280.88 and Firefox before
84.0.

- CVE-2020-26970 (arbitrary code execution)

When reading SMTP server status codes, Thunderbird before 78.5.1 writes
an integer value to a position on the stack that is intended to contain
just one byte. Depending on processor architecture and stack layout,
this leads to stack corruption that may be exploitable.

- CVE-2020-26971 (arbitrary code execution)

A security issue was found in Firefox before 84.0 and Thunderbird
before 78.6 where certain blit values provided by the user were not
properly constrained, leading to a heap buffer overflow on some video
drivers.

- CVE-2020-26973 (content spoofing)

A security issue was found in Firefox before 84.0 and Thunderbird
before 78.6 where certain input to the CSS Sanitizer confused it,
resulting in incorrect components being removed. This could have been
used as a sanitizer bypass.

- CVE-2020-26974 (arbitrary code execution)

A security issue was found in Firefox before 84.0 and Thunderbird
before 78.6. When flex-basis was used on a table wrapper, a
StyleGenericFlexBasis object could have been incorrectly cast to the
wrong type. This resulted in a heap user-after-free, memory corruption,
and a potentially exploitable crash.

- CVE-2020-26978 (information disclosure)

A security issue was discovered in Firefox before 84.0 and Thunderbird
before 78.6. Using techniques that built on the slipstream research, a
malicious webpage could have exposed both an internal network's hosts
as well as services running on the user's local machine.

- CVE-2020-35111 (information disclosure)

A security issue was discovered in Firefox before 84.0 and Thunderbird
before 78.6. When an extension with the proxy permission registered to
receive , the proxy.onRequest callback was not triggered for
view-source URLs. While web content cannot navigate to such URLs, a
user opening View Source could have inadvertently leaked their IP
address.

- CVE-2020-35113 (arbitrary code execution)

Mozilla developer Christian Holler reported memory safety bugs present
in Firefox 83, Firefox ESR 78.5 and Thunderbird 78.5. Some of these
bugs showed evidence of memory corruption and Mozilla presumes that
with enough effort some of these could have been exploited to run
arbitrary code.

Impact
=====
A remote attacker might be able to access sensitive information, spoof
content or execute arbitrary code. Note that in general these flaws
cannot be exploited through email in the Thunderbird product because
scripting is disabled when reading mail, but are potentially risks in
browser or browser-like contexts.

References
=========
https://bugs.archlinux.org/task/68853
https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/
https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html
https://bugs.chromium.org/p/chromium/issues/detail
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-16042
https://bugzilla.mozilla.org/show_bug.cgi?id=1679003
https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/#CVE-2020-26970
https://bugzilla.mozilla.org/show_bug.cgi?id=1677338
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26971
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26971
https://bugzilla.mozilla.org/show_bug.cgi?id=1663466
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26973
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26973
https://bugzilla.mozilla.org/show_bug.cgi?id=1680084
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26974
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26974
https://bugzilla.mozilla.org/show_bug.cgi?id=1681022
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26978
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26978
https://bugzilla.mozilla.org/show_bug.cgi?id=1677047
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35111
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35111
https://bugzilla.mozilla.org/show_bug.cgi?id=1657916
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35113
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35113
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1664831%2C1673589
https://security.archlinux.org/CVE-2020-16042
https://security.archlinux.org/CVE-2020-26970
https://security.archlinux.org/CVE-2020-26971
https://security.archlinux.org/CVE-2020-26973
https://security.archlinux.org/CVE-2020-26974
https://security.archlinux.org/CVE-2020-26978
https://security.archlinux.org/CVE-2020-35111
https://security.archlinux.org/CVE-2020-35113

ArchLinux: 202012-23: thunderbird: multiple issues

December 31, 2020

Summary

- CVE-2020-16042 (information disclosure) An uninitialized use security issue has been found in the V8 component of the chromium browser before version 87.0.4280.88 and Firefox before 84.0.
- CVE-2020-26970 (arbitrary code execution)
When reading SMTP server status codes, Thunderbird before 78.5.1 writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable.
- CVE-2020-26971 (arbitrary code execution)
A security issue was found in Firefox before 84.0 and Thunderbird before 78.6 where certain blit values provided by the user were not properly constrained, leading to a heap buffer overflow on some video drivers.
- CVE-2020-26973 (content spoofing)
A security issue was found in Firefox before 84.0 and Thunderbird before 78.6 where certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass.
- CVE-2020-26974 (arbitrary code execution)
A security issue was found in Firefox before 84.0 and Thunderbird before 78.6. When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash.
- CVE-2020-26978 (information disclosure)
A security issue was discovered in Firefox before 84.0 and Thunderbird before 78.6. Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine.
- CVE-2020-35111 (information disclosure)
A security issue was discovered in Firefox before 84.0 and Thunderbird before 78.6. When an extension with the proxy permission registered to receive , the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address.
- CVE-2020-35113 (arbitrary code execution)
Mozilla developer Christian Holler reported memory safety bugs present in Firefox 83, Firefox ESR 78.5 and Thunderbird 78.5. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could have been exploited to run arbitrary code.

Resolution

Upgrade to 78.6.0-1. # pacman -Syu "thunderbird>=78.6.0-1"
The problems have been fixed upstream in version 78.6.0.

References

https://bugs.archlinux.org/task/68853 https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/ https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/ https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html https://bugs.chromium.org/p/chromium/issues/detail https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-16042 https://bugzilla.mozilla.org/show_bug.cgi?id=1679003 https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/#CVE-2020-26970 https://bugzilla.mozilla.org/show_bug.cgi?id=1677338 https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26971 https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26971 https://bugzilla.mozilla.org/show_bug.cgi?id=1663466 https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26973 https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26973 https://bugzilla.mozilla.org/show_bug.cgi?id=1680084 https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26974 https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26974 https://bugzilla.mozilla.org/show_bug.cgi?id=1681022 https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26978 https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26978 https://bugzilla.mozilla.org/show_bug.cgi?id=1677047 https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35111 https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35111 https://bugzilla.mozilla.org/show_bug.cgi?id=1657916 https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35113 https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35113 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1664831%2C1673589 https://security.archlinux.org/CVE-2020-16042 https://security.archlinux.org/CVE-2020-26970 https://security.archlinux.org/CVE-2020-26971 https://security.archlinux.org/CVE-2020-26973 https://security.archlinux.org/CVE-2020-26974 https://security.archlinux.org/CVE-2020-26978 https://security.archlinux.org/CVE-2020-35111 https://security.archlinux.org/CVE-2020-35113

Severity
CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35113
Package : thunderbird
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1315

Workaround

None.

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved