Security update for MozillaThunderbird SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:3307-1 Final 1 1 2016-12-30T17:01:32Z current 2016-12-30T17:01:32Z 2016-12-30T17:01:32Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaThunderbird This update to Mozilla Thunderbird 45.6.0 fixes security issues and bugs. In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. The following vulnerabilities were fixed: (boo#1015422) - CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements - CVE-2016-9895: CSP bypass using marquee tag - CVE-2016-9897: Memory corruption in libGLES - CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees - CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs - CVE-2016-9904: Cross-origin information leak in shared atoms - CVE-2016-9905: Crash in EnumerateSubDocuments - CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6 The following bugs were fixed: - The system integration dialog was shown every time when starting Thunderbird The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2016-1531 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1015422 SUSE Bug 1015422 https://www.suse.com/security/cve/CVE-2016-9893/ SUSE CVE CVE-2016-9893 page https://www.suse.com/security/cve/CVE-2016-9895/ SUSE CVE CVE-2016-9895 page https://www.suse.com/security/cve/CVE-2016-9897/ SUSE CVE CVE-2016-9897 page https://www.suse.com/security/cve/CVE-2016-9898/ SUSE CVE CVE-2016-9898 page https://www.suse.com/security/cve/CVE-2016-9899/ SUSE CVE CVE-2016-9899 page https://www.suse.com/security/cve/CVE-2016-9900/ SUSE CVE CVE-2016-9900 page https://www.suse.com/security/cve/CVE-2016-9904/ SUSE CVE CVE-2016-9904 page https://www.suse.com/security/cve/CVE-2016-9905/ SUSE CVE CVE-2016-9905 page SUSE Package Hub 12 MozillaThunderbird-45.6.0-20.1 MozillaThunderbird-buildsymbols-45.6.0-20.1 MozillaThunderbird-devel-45.6.0-20.1 MozillaThunderbird-translations-common-45.6.0-20.1 MozillaThunderbird-translations-other-45.6.0-20.1 MozillaThunderbird-45.6.0-20.1 as a component of SUSE Package Hub 12 MozillaThunderbird-buildsymbols-45.6.0-20.1 as a component of SUSE Package Hub 12 MozillaThunderbird-devel-45.6.0-20.1 as a component of SUSE Package Hub 12 MozillaThunderbird-translations-common-45.6.0-20.1 as a component of SUSE Package Hub 12 MozillaThunderbird-translations-other-45.6.0-20.1 as a component of SUSE Package Hub 12 Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. CVE-2016-9893 SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9893.html CVE-2016-9893 https://bugzilla.suse.com/1015422 SUSE Bug 1015422 https://bugzilla.suse.com/1015527 SUSE Bug 1015527 https://bugzilla.suse.com/1015528 SUSE Bug 1015528 https://bugzilla.suse.com/1015529 SUSE Bug 1015529 https://bugzilla.suse.com/1015530 SUSE Bug 1015530 https://bugzilla.suse.com/1015531 SUSE Bug 1015531 https://bugzilla.suse.com/1015533 SUSE Bug 1015533 https://bugzilla.suse.com/1015534 SUSE Bug 1015534 https://bugzilla.suse.com/1015535 SUSE Bug 1015535 https://bugzilla.suse.com/1015536 SUSE Bug 1015536 https://bugzilla.suse.com/1015537 SUSE Bug 1015537 https://bugzilla.suse.com/1015538 SUSE Bug 1015538 https://bugzilla.suse.com/1015540 SUSE Bug 1015540 https://bugzilla.suse.com/1015541 SUSE Bug 1015541 https://bugzilla.suse.com/1015542 SUSE Bug 1015542 Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. CVE-2016-9895 SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9895.html CVE-2016-9895 https://bugzilla.suse.com/1015422 SUSE Bug 1015422 https://bugzilla.suse.com/1015527 SUSE Bug 1015527 https://bugzilla.suse.com/1015528 SUSE Bug 1015528 https://bugzilla.suse.com/1015529 SUSE Bug 1015529 https://bugzilla.suse.com/1015530 SUSE Bug 1015530 https://bugzilla.suse.com/1015531 SUSE Bug 1015531 https://bugzilla.suse.com/1015533 SUSE Bug 1015533 https://bugzilla.suse.com/1015534 SUSE Bug 1015534 https://bugzilla.suse.com/1015535 SUSE Bug 1015535 https://bugzilla.suse.com/1015536 SUSE Bug 1015536 https://bugzilla.suse.com/1015537 SUSE Bug 1015537 https://bugzilla.suse.com/1015538 SUSE Bug 1015538 https://bugzilla.suse.com/1015540 SUSE Bug 1015540 https://bugzilla.suse.com/1015541 SUSE Bug 1015541 https://bugzilla.suse.com/1015542 SUSE Bug 1015542 Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. CVE-2016-9897 SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9897.html CVE-2016-9897 https://bugzilla.suse.com/1015422 SUSE Bug 1015422 https://bugzilla.suse.com/1015527 SUSE Bug 1015527 https://bugzilla.suse.com/1015528 SUSE Bug 1015528 https://bugzilla.suse.com/1015529 SUSE Bug 1015529 https://bugzilla.suse.com/1015530 SUSE Bug 1015530 https://bugzilla.suse.com/1015531 SUSE Bug 1015531 https://bugzilla.suse.com/1015533 SUSE Bug 1015533 https://bugzilla.suse.com/1015534 SUSE Bug 1015534 https://bugzilla.suse.com/1015535 SUSE Bug 1015535 https://bugzilla.suse.com/1015536 SUSE Bug 1015536 https://bugzilla.suse.com/1015537 SUSE Bug 1015537 https://bugzilla.suse.com/1015538 SUSE Bug 1015538 https://bugzilla.suse.com/1015540 SUSE Bug 1015540 https://bugzilla.suse.com/1015541 SUSE Bug 1015541 https://bugzilla.suse.com/1015542 SUSE Bug 1015542 Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. CVE-2016-9898 SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9898.html CVE-2016-9898 https://bugzilla.suse.com/1015422 SUSE Bug 1015422 https://bugzilla.suse.com/1015527 SUSE Bug 1015527 https://bugzilla.suse.com/1015528 SUSE Bug 1015528 https://bugzilla.suse.com/1015529 SUSE Bug 1015529 https://bugzilla.suse.com/1015530 SUSE Bug 1015530 https://bugzilla.suse.com/1015531 SUSE Bug 1015531 https://bugzilla.suse.com/1015533 SUSE Bug 1015533 https://bugzilla.suse.com/1015534 SUSE Bug 1015534 https://bugzilla.suse.com/1015535 SUSE Bug 1015535 https://bugzilla.suse.com/1015536 SUSE Bug 1015536 https://bugzilla.suse.com/1015537 SUSE Bug 1015537 https://bugzilla.suse.com/1015538 SUSE Bug 1015538 https://bugzilla.suse.com/1015540 SUSE Bug 1015540 https://bugzilla.suse.com/1015541 SUSE Bug 1015541 https://bugzilla.suse.com/1015542 SUSE Bug 1015542 Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. CVE-2016-9899 SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9899.html CVE-2016-9899 https://bugzilla.suse.com/1015422 SUSE Bug 1015422 https://bugzilla.suse.com/1015527 SUSE Bug 1015527 https://bugzilla.suse.com/1015528 SUSE Bug 1015528 https://bugzilla.suse.com/1015529 SUSE Bug 1015529 https://bugzilla.suse.com/1015530 SUSE Bug 1015530 https://bugzilla.suse.com/1015531 SUSE Bug 1015531 https://bugzilla.suse.com/1015533 SUSE Bug 1015533 https://bugzilla.suse.com/1015534 SUSE Bug 1015534 https://bugzilla.suse.com/1015535 SUSE Bug 1015535 https://bugzilla.suse.com/1015536 SUSE Bug 1015536 https://bugzilla.suse.com/1015537 SUSE Bug 1015537 https://bugzilla.suse.com/1015538 SUSE Bug 1015538 https://bugzilla.suse.com/1015540 SUSE Bug 1015540 https://bugzilla.suse.com/1015541 SUSE Bug 1015541 https://bugzilla.suse.com/1015542 SUSE Bug 1015542 External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. CVE-2016-9900 SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9900.html CVE-2016-9900 https://bugzilla.suse.com/1015422 SUSE Bug 1015422 https://bugzilla.suse.com/1015527 SUSE Bug 1015527 https://bugzilla.suse.com/1015528 SUSE Bug 1015528 https://bugzilla.suse.com/1015529 SUSE Bug 1015529 https://bugzilla.suse.com/1015530 SUSE Bug 1015530 https://bugzilla.suse.com/1015531 SUSE Bug 1015531 https://bugzilla.suse.com/1015533 SUSE Bug 1015533 https://bugzilla.suse.com/1015534 SUSE Bug 1015534 https://bugzilla.suse.com/1015535 SUSE Bug 1015535 https://bugzilla.suse.com/1015536 SUSE Bug 1015536 https://bugzilla.suse.com/1015537 SUSE Bug 1015537 https://bugzilla.suse.com/1015538 SUSE Bug 1015538 https://bugzilla.suse.com/1015540 SUSE Bug 1015540 https://bugzilla.suse.com/1015541 SUSE Bug 1015541 https://bugzilla.suse.com/1015542 SUSE Bug 1015542 An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. CVE-2016-9904 SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9904.html CVE-2016-9904 https://bugzilla.suse.com/1015422 SUSE Bug 1015422 https://bugzilla.suse.com/1015527 SUSE Bug 1015527 https://bugzilla.suse.com/1015528 SUSE Bug 1015528 https://bugzilla.suse.com/1015529 SUSE Bug 1015529 https://bugzilla.suse.com/1015530 SUSE Bug 1015530 https://bugzilla.suse.com/1015531 SUSE Bug 1015531 https://bugzilla.suse.com/1015533 SUSE Bug 1015533 https://bugzilla.suse.com/1015534 SUSE Bug 1015534 https://bugzilla.suse.com/1015535 SUSE Bug 1015535 https://bugzilla.suse.com/1015536 SUSE Bug 1015536 https://bugzilla.suse.com/1015537 SUSE Bug 1015537 https://bugzilla.suse.com/1015538 SUSE Bug 1015538 https://bugzilla.suse.com/1015540 SUSE Bug 1015540 https://bugzilla.suse.com/1015541 SUSE Bug 1015541 https://bugzilla.suse.com/1015542 SUSE Bug 1015542 A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6. CVE-2016-9905 SUSE Package Hub 12:MozillaThunderbird-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-devel-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-translations-common-45.6.0-20.1 SUSE Package Hub 12:MozillaThunderbird-translations-other-45.6.0-20.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9905.html CVE-2016-9905 https://bugzilla.suse.com/1015422 SUSE Bug 1015422 https://bugzilla.suse.com/1015527 SUSE Bug 1015527 https://bugzilla.suse.com/1015528 SUSE Bug 1015528 https://bugzilla.suse.com/1015529 SUSE Bug 1015529 https://bugzilla.suse.com/1015530 SUSE Bug 1015530 https://bugzilla.suse.com/1015531 SUSE Bug 1015531 https://bugzilla.suse.com/1015533 SUSE Bug 1015533 https://bugzilla.suse.com/1015534 SUSE Bug 1015534 https://bugzilla.suse.com/1015535 SUSE Bug 1015535 https://bugzilla.suse.com/1015536 SUSE Bug 1015536 https://bugzilla.suse.com/1015537 SUSE Bug 1015537 https://bugzilla.suse.com/1015538 SUSE Bug 1015538 https://bugzilla.suse.com/1015540 SUSE Bug 1015540 https://bugzilla.suse.com/1015541 SUSE Bug 1015541 https://bugzilla.suse.com/1015542 SUSE Bug 1015542