AVG-728

Package thunderbird
Status Fixed
Severity Critical
Type multiple issues
Affected 52.8.0-1
Fixed 52.9.1-1
Current 60.0-4 [extra]
Ticket None
Created Thu Jul 5 15:37:01 2018
Issue Severity Remote Type Description
CVE-2018-5188 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 61.0 and Thunderbird before 52.9. Some of these bugs showed evidence of memory corruption and...
CVE-2018-12374 Low Yes Information disclosure
A security issue has been found in Thunderbird before 52.9, where plaintext of decrypted emails can leak through by user submitting an embedded form by...
CVE-2018-12373 High Yes Information disclosure
A security issue has been found in Thunderbird before 52.9, where S/MIME parts hidden with CSS or <plaintext> can leak plaintext when included in a HTML...
CVE-2018-12372 High Yes Information disclosure
A security issue has been found in Thunderbird before 52.9, where decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext...
CVE-2018-12366 Medium Yes Information disclosure
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value, in Firefox before 61.0...
CVE-2018-12365 Medium No Information disclosure
A security issue has been found in Firefox before 61.0 and Thunderbird before 52.9 where a compromised IPC child process can escape the content sandbox and...
CVE-2018-12364 High Yes Cross-site request forgery
A security issue has been found in Firefox before 61.0 and Thunderbird before 52.9, where NPAPI plugins, such as Adobe Flash, can send non- simple...
CVE-2018-12363 High Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 61.0 and Thunderbird before 52.9 when script uses mutation events to move DOM nodes between...
CVE-2018-12362 High Yes Arbitrary code execution
An integer overflow can occur in Firefox before 61.0 and Thunderbird before 52.9 during graphics operations done by the Supplemental Streaming SIMD...
CVE-2018-12360 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 61.0 and Thunderbird before 52.9 when deleting an input element during a mutation event handler...
CVE-2018-12359 Critical Yes Arbitrary code execution
A buffer overflow can occur in Firefox before 61.0 and Thunderbird before 52.9 when rendering canvas content while adjusting the height and width of the...
Date Advisory Package Description
16 Jul 2018 ASA-201807-4 thunderbird multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-18