
Mageia: 2018-0480 Moderate: Thunderbird Buffer Overflow and More

December 15, 2018
Mageia released a notification for Firefox, tackling several severe vulnerabilities found within the software.

Summary

- Buffer overflow using computed size of canvas element. (CVE-2018-12359)
- Use-after-free when using focus(). (CVE-2018-12360)
- Integer overflow in SwizzleData. (CVE-2018-12361)
- Integer overflow in SSSE3 scaler. (CVE-2018-12362)
- Media recorder segmentation fault when track type is changed during capture. (CVE-2018-5156)
- Use-after-free when appending DOM nodes. (CVE-2018-12363)
- CSRF attacks through 307 redirects and NPAPI plugins. (CVE-2018-12364)
- Compromised IPC child process can list local filenames. (CVE-2018-12365)
- Integer overflow in Skia library during edge builder allocation. (CVE-2018-12371)
- Invalid data handling during QCMS transformations. (CVE-2018-12366)
- Timing attack mitigation of PerformanceNavigationTiming. (CVE-2018-12367)
- No warning when opening executable SettingContent-ms files. (CVE-2018-12368)
- Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Thunderbird 60. (CVE-2018-5187)
- Memory safety bugs fixed in Firefox 61, Firefox ESR 60...


References

- https://bugs.mageia.org/show_bug.cgi?id=23706

- https://www.thunderbird.net/en-US/thunderbird/60.3.0/releasenotes/

- https://www.thunderbird.net/en-US/thunderbird/60.3.1/releasenotes/

- https://www.thunderbird.net/en-US/thunderbird/60.3.2/releasenotes/

- https://www.thunderbird.net/en-US/thunderbird/60.3.3/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/

- https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/

- https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/

- https://lists.debian.org/debian-security-announce/2018/msg00258.html

- https://access.redhat.com/errata/RHSA-2018:3458

- https://access.redhat.com/errata/RHSA-2018:3532

- https://lists.debian.org/debian-security-announce/2018/msg00269.html

- https://www.cve.org/CVERecord?id=CVE-2017-16541

- https://www.cve.org/CVERecord?id=CVE-2018-5156

- https://www.cve.org/CVERecord?id=CVE-2018-5187

- https://www.cve.org/CVERecord?id=CVE-2018-5188

- https://www.cve.org/CVERecord?id=CVE-2018-12359

- https://www.cve.org/CVERecord?id=CVE-2018-12360

- https://www.cve.org/CVERecord?id=CVE-2018-12361

- https://www.cve.org/CVERecord?id=CVE-2018-12362

- https://www.cve.org/CVERecord?id=CVE-2018-12363

- https://www.cve.org/CVERecord?id=CVE-2018-12364

- https://www.cve.org/CVERecord?id=CVE-2018-12365

- https://www.cve.org/CVERecord?id=CVE-2018-12366

- https://www.cve.org/CVERecord?id=CVE-2018-12367

- https://www.cve.org/CVERecord?id=CVE-2018-12368

- https://www.cve.org/CVERecord?id=CVE-2018-12371

- https://www.cve.org/CVERecord?id=CVE-2018-12376

- https://www.cve.org/CVERecord?id=CVE-2018-12377

- https://www.cve.org/CVERecord?id=CVE-2018-12378

- https://www.cve.org/CVERecord?id=CVE-2018-12379

- https://www.cve.org/CVERecord?id=CVE-2018-12383

- https://www.cve.org/CVERecord?id=CVE-2018-12385

- https://www.cve.org/CVERecord?id=CVE-2018-12389

- https://www.cve.org/CVERecord?id=CVE-2018-12390

- https://www.cve.org/CVERecord?id=CVE-2018-12391

- https://www.cve.org/CVERecord?id=CVE-2018-12392

- https://www.cve.org/CVERecord?id=CVE-2018-12393

Resolution

SRPMS

- 6/core/thunderbird-60.3.3-3.mga6

- 6/core/thunderbird-l10n-60.3.3-1.mga6

Severity
important

Publication date: 15 Dec 2018
URL: https://advisories.mageia.org/MGASA-2018-0480.html
Type: security
CVE: CVE-2017-16541, CVE-2018-5156, CVE-2018-5187, CVE-2018-5188, CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12371, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379, CVE-2018-12383, CVE-2018-12385, CVE-2018-12389, CVE-2018-12390, CVE-2018-12391, CVE-2018-12392, CVE-2018-12393
