AVG-530

Package thunderbird
Status Fixed
Severity Critical
Type multiple issues
Affected 52.4.0-2
Fixed 52.5.0-1
Current 60.4.0-1 [extra]
Ticket None
Created Thu Nov 30 12:24:26 2017
Issue Severity Remote Type Description
CVE-2017-7830 High Yes Same-origin policy bypass
The Resource Timing API in Firefox before 57.0 and Thunderbird before 52.5 incorrectly revealed navigations in cross-origin iframes. This is a same-origin...
CVE-2017-7828 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 57.0 and Thunderbird before 52.5 when flushing and resizing layout because the PressShell object...
CVE-2017-7826 Critical Yes Arbitrary code execution
Several reported memory safety bugs have been found in Firefox before 57.0 and Thunderbird before 52.5. Some of these bugs showed evidence of memory...
Date Advisory Package Description
30 Nov 2017 ASA-201711-43 thunderbird multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/