AVG-441 log

Package thunderbird
Status Fixed
Severity Critical
Type multiple issues
Affected 52.3.0-2
Fixed 52.4.0-1
Current 128.5.2-1 [extra-testing]
128.5.1-1 [extra]
Ticket None
Created Thu Oct 12 16:59:36 2017
Issue Severity Remote Type Description
CVE-2017-7824 Critical Yes Arbitrary code execution
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content in Thunderbird < 52.4. This is due to...
CVE-2017-7823 Medium Yes Cross-site scripting
The content security policy (CSP) sandbox directive in Thunderbird < 52.4  did not create a unique origin for the document, causing it to behave as if the...
CVE-2017-7819 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from...
CVE-2017-7818 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the...
CVE-2017-7814 Medium Yes Access restriction bypass
A security issue has been found in Thunderbird < 52.4. File downloads encoded with blob: and data: URL elements bypassed normal file download checks though...
CVE-2017-7810 Critical Yes Arbitrary code execution
Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian Hengst reported...
CVE-2017-7805 Critical Yes Arbitrary code execution
A security issue has been found in Thunderbird < 52.4. During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved...
CVE-2017-7793 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in the Fetch API of Thunderbird < 52.4, when the worker or the associated window are freed when still in use,...
Date Advisory Package Type
12 Oct 2017 ASA-201710-19 thunderbird multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23