Linux Security
    Linux Security
    Linux Security

    Mageia 2020-0462: thunderbird security update

    Date 17 Dec 2020
    308
    Posted By LinuxSecurity Advisories
    When a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read (CVE-2020-16042). Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow in WebGL on some video drivers (CVE-2020-26971).
    MGASA-2020-0462 - Updated thunderbird packages fix security vulnerabilities
    
    Publication date: 17 Dec 2020
    URL: https://advisories.mageia.org/MGASA-2020-0462.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2020-16042,
         CVE-2020-26971,
         CVE-2020-26973,
         CVE-2020-26974,
         CVE-2020-26978,
         CVE-2020-35111,
         CVE-2020-35113
    
    When a BigInt was right-shifted the backing store was not properly cleared,
    allowing uninitialized memory to be read (CVE-2020-16042).
    
    Certain blit values provided by the user were not properly constrained leading
    to a heap buffer overflow in WebGL on some video drivers (CVE-2020-26971).
    
    Certain input to the CSS Sanitizer confused it, resulting in incorrect
    components being removed. This could have been used as a sanitizer bypass
    (CVE-2020-26973).
    
    When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object
    could have been incorrectly cast to the wrong type. This resulted in a heap
    user-after-free, memory corruption, and a potentially exploitable crash
    (CVE-2020-26974).
    
    Using techniques that built on the slipstream research, a malicious webpage
    could have exposed both an internal network's hosts as well as services running
    on the user's local machine (CVE-2020-26978).
    
    When an extension with the proxy permission registered to receive ,
    the proxy.onRequest callback was not triggered for view-source URLs. While web
    content cannot navigate to such URLs, a user opening View Source could have
    inadvertently leaked their IP address (CVE-2020-35111).
    
    Mozilla developer Christian Holler reported memory safety bugs present in
    Thunderbird 78.5. Some of these bugs showed evidence of memory corruption and
    we presume that with enough effort some of these could have been exploited to
    run arbitrary code (CVE-2020-35113).
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=27826
    - https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/
    - https://www.thunderbird.net/en-US/thunderbird/78.6.0/releasenotes/
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16042
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26971
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26973
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26974
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26978
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35111
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35113
    
    SRPMS:
    - 7/core/thunderbird-78.6.0-1.mga7
    - 7/core/thunderbird-l10n-78.6.0-1.mga7
    

    Advisories

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"22","type":"x","order":"1","pct":34.92,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"13","type":"x","order":"2","pct":20.63,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"28","type":"x","order":"3","pct":44.44,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.