Arch Linux Security Advisory ASA-201703-2 ========================================= Severity: Critical Date : 2017-03-10 CVE-ID : CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410 Package : thunderbird Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-193 Summary ======= The package thunderbird before version 45.8.0-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and content spoofing. Resolution ========== Upgrade to 45.8.0-1. # pacman -Syu "thunderbird>=45.8.0-1" The problems have been fixed upstream in version 45.8.0. Workaround ========== None. Description =========== - CVE-2017-5398 (arbitrary code execution) Several memory safety bugs, some of them leading to memory corruption issues have been found in Firefox < 52 and Thunderbird < 45.8. - CVE-2017-5400 (arbitrary code execution) JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. - CVE-2017-5401 (arbitrary code execution) A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. - CVE-2017-5402 (arbitrary code execution) A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts. - CVE-2017-5404 (arbitrary code execution) A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. - CVE-2017-5405 (content spoofing) Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. - CVE-2017-5407 (information disclosure) Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. - CVE-2017-5408 (information disclosure) Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. - CVE-2017-5410 (arbitrary code execution) Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. Impact ====== A remote attacker can access sensitive information, force a user to connect to a spoofed FTP port or execute arbitrary code on the affected host. References ========== https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5398 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1332550%2C1332597%2C1338383%2C1321612%2C1322971%2C1333568%2C1333887%2C1335450%2C1325052%2C1324379%2C1336510 https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5400 https://bugzilla.mozilla.org/show_bug.cgi?id=1334933 https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5401 https://bugzilla.mozilla.org/show_bug.cgi?id=1328861 https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5402 https://bugzilla.mozilla.org/show_bug.cgi?id=1334876 https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5404 https://bugzilla.mozilla.org/show_bug.cgi?id=1340138 https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5405 https://bugzilla.mozilla.org/show_bug.cgi?id=1336699 https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5407 https://bugzilla.mozilla.org/show_bug.cgi?id=1336622 https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5408 https://bugzilla.mozilla.org/show_bug.cgi?id=1313711 https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5410 https://bugzilla.mozilla.org/show_bug.cgi?id=1330687 https://security.archlinux.org/CVE-2017-5398 https://security.archlinux.org/CVE-2017-5400 https://security.archlinux.org/CVE-2017-5401 https://security.archlinux.org/CVE-2017-5402 https://security.archlinux.org/CVE-2017-5404 https://security.archlinux.org/CVE-2017-5405 https://security.archlinux.org/CVE-2017-5407 https://security.archlinux.org/CVE-2017-5408 https://security.archlinux.org/CVE-2017-5410