AVG-385

Package thunderbird
Status Fixed
Severity Critical
Type multiple issues
Affected 52.2.1-1
Fixed 52.3.0-1
Current 52.6.0-2 [extra]
Ticket None
Created Mon Aug 21 16:18:01 2017
Issue Severity Remote Type Description
CVE-2017-7809 Critical Yes Arbitrary code execution
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, when an editor DOM node is deleted prematurely during tree traversal while...
CVE-2017-7807 High Yes Content spoofing
A domain hijacking flaw has been found in firefox < 55.0 and thunderbird < 52.3. A mechanism that uses AppCache to hijack a URL in a domain using fallback...
CVE-2017-7803 Medium Yes Access restriction bypass
A security issue has been found in firefox < 55.0 and thunderbird < 52.3. When a page’s content security policy (CSP) header contains a sandbox directive,...
CVE-2017-7802 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in firefox < 55.0 and thunderbird < 52.3, when manipulating the DOM during the resize event of an image...
CVE-2017-7801 Critical Yes Arbitrary code execution
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, while re-computing layout for a marquee element during window resizing where...
CVE-2017-7800 Critical Yes Arbitrary code execution
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, in WebSockets, when the object holding the connection is freed before the...
CVE-2017-7792 High Yes Arbitrary code execution
A buffer overflow has been found in firefox < 55.0 and thunderbird < 52.3, when viewing a certificate in the certificate manager if the certificate has an...
CVE-2017-7791 Medium Yes Content spoofing
A content spoofing issue has been found in firefox < 55.0 and thunderbird < 52.3. On pages containing an iframe, the data: protocol can be used to create a...
CVE-2017-7787 High Yes Same-origin policy bypass
Same-origin policy protections can be bypassed in firefox < 55.0 and thunderbird < 52.3, on pages with embedded iframes during page reloads, allowing the...
CVE-2017-7786 Critical Yes Arbitrary code execution
A buffer overflow has been found in firefox < 55.0 and thunderbird < 52.3, when the image renderer attempts to paint non-displayable SVG elements. This...
CVE-2017-7785 Critical Yes Arbitrary code execution
A buffer overflow has been found in firefox < 55.0 and thunderbird < 52.3, when manipulating Accessible Rich Internet Applications (ARIA) attributes within...
CVE-2017-7784 Critical Yes Arbitrary code execution
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, when reading an image observer during frame reconstruction after the...
CVE-2017-7779 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in firefox < 55.0 and thunderbird < 52.3. Some of these bugs showed evidence of memory corruption and we presume...
CVE-2017-7753 High Yes Information disclosure
An out-of-bounds read  has been found in firefox < 55.0 and thunderbird < 52.3, when applying style rules to pseudo-elements, such as ::first-line, using...
Date Advisory Package Description
23 Aug 2017 ASA-201708-18 thunderbird multiple issues