AVG-663 log

Package thunderbird
Status Fixed
Severity Critical
Type multiple issues
Affected 52.6.0-2
Fixed 52.7.0-1
Current 128.5.2-1 [extra-testing]
128.5.1-1 [extra]
Ticket None
Created Sat Mar 24 22:19:38 2018
Issue Severity Remote Type Description
CVE-2018-5146 Critical Yes Arbitrary code execution
An out of bounds memory write vulnerability has been discovered in libvorbis before 1.3.6 while processing Vorbis audio data related to codebooks that are...
CVE-2018-5145 Critical Yes Arbitrary code execution
Various memory safety bugs have been found in Thunderbird < 52.7.0, some of them presenting evidence of memory corruption. Mozilla presumes that with enough...
CVE-2018-5144 High Yes Arbitrary code execution
An integer overflow can occur during conversion of text to some Unicode character sets in Thunderbird < 52.7.0, due to an unchecked length parameter.
CVE-2018-5129 High No Access restriction bypass
A lack of parameter validation on IPC messages results in a potential out-of-bounds write in Thunderbird < 52.7.0, through malformed IPC messages. This can...
CVE-2018-5127 Critical Yes Arbitrary code execution
A buffer overflow can occur in Thunderbird < 52.7.0 when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash.
CVE-2018-5125 Critical Yes Arbitrary code execution
Various memory safety bugs have been found in Thunderbird < 52.7.0 and Firefox < 59.0, some of them presenting evidence of memory corruption. Mozilla...
Date Advisory Package Type
24 Mar 2018 ASA-201803-22 thunderbird multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/