Security update for MozillaThunderbird SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:0026-1 Final 1 1 2017-01-04T17:39:26Z current 2017-01-04T17:39:26Z 2017-01-04T17:39:26Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaThunderbird This update to Mozilla Thunderbird 45.6.0 fixes security issues and bugs. In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. The following vulnerabilities were fixed: (boo#1015422) - CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements - CVE-2016-9895: CSP bypass using marquee tag - CVE-2016-9897: Memory corruption in libGLES - CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees - CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs - CVE-2016-9904: Cross-origin information leak in shared atoms - CVE-2016-9905: Crash in EnumerateSubDocuments - CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6 The following bugs were fixed: - The system integration dialog was shown every time when starting Thunderbird The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-01/msg00013.html E-Mail link for openSUSE-SU-2017:0026-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings MozillaThunderbird-45.6.0-70.95.1 MozillaThunderbird-buildsymbols-45.6.0-70.95.1 MozillaThunderbird-devel-45.6.0-70.95.1 MozillaThunderbird-translations-common-45.6.0-70.95.1 MozillaThunderbird-translations-other-45.6.0-70.95.1 Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. CVE-2016-9893 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00013.html https://www.suse.com/security/cve/CVE-2016-9893.html CVE-2016-9893 https://bugzilla.suse.com/1015422 SUSE Bug 1015422 https://bugzilla.suse.com/1015527 SUSE Bug 1015527 https://bugzilla.suse.com/1015528 SUSE Bug 1015528 https://bugzilla.suse.com/1015529 SUSE Bug 1015529 https://bugzilla.suse.com/1015530 SUSE Bug 1015530 https://bugzilla.suse.com/1015531 SUSE Bug 1015531 https://bugzilla.suse.com/1015533 SUSE Bug 1015533 https://bugzilla.suse.com/1015534 SUSE Bug 1015534 https://bugzilla.suse.com/1015535 SUSE Bug 1015535 https://bugzilla.suse.com/1015536 SUSE Bug 1015536 https://bugzilla.suse.com/1015537 SUSE Bug 1015537 https://bugzilla.suse.com/1015538 SUSE Bug 1015538 https://bugzilla.suse.com/1015540 SUSE Bug 1015540 https://bugzilla.suse.com/1015541 SUSE Bug 1015541 https://bugzilla.suse.com/1015542 SUSE Bug 1015542 Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. CVE-2016-9895 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00013.html https://www.suse.com/security/cve/CVE-2016-9895.html CVE-2016-9895 https://bugzilla.suse.com/1015422 SUSE Bug 1015422 https://bugzilla.suse.com/1015527 SUSE Bug 1015527 https://bugzilla.suse.com/1015528 SUSE Bug 1015528 https://bugzilla.suse.com/1015529 SUSE Bug 1015529 https://bugzilla.suse.com/1015530 SUSE Bug 1015530 https://bugzilla.suse.com/1015531 SUSE Bug 1015531 https://bugzilla.suse.com/1015533 SUSE Bug 1015533 https://bugzilla.suse.com/1015534 SUSE Bug 1015534 https://bugzilla.suse.com/1015535 SUSE Bug 1015535 https://bugzilla.suse.com/1015536 SUSE Bug 1015536 https://bugzilla.suse.com/1015537 SUSE Bug 1015537 https://bugzilla.suse.com/1015538 SUSE Bug 1015538 https://bugzilla.suse.com/1015540 SUSE Bug 1015540 https://bugzilla.suse.com/1015541 SUSE Bug 1015541 https://bugzilla.suse.com/1015542 SUSE Bug 1015542 Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. CVE-2016-9897 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00013.html https://www.suse.com/security/cve/CVE-2016-9897.html CVE-2016-9897 https://bugzilla.suse.com/1015422 SUSE Bug 1015422 https://bugzilla.suse.com/1015527 SUSE Bug 1015527 https://bugzilla.suse.com/1015528 SUSE Bug 1015528 https://bugzilla.suse.com/1015529 SUSE Bug 1015529 https://bugzilla.suse.com/1015530 SUSE Bug 1015530 https://bugzilla.suse.com/1015531 SUSE Bug 1015531 https://bugzilla.suse.com/1015533 SUSE Bug 1015533 https://bugzilla.suse.com/1015534 SUSE Bug 1015534 https://bugzilla.suse.com/1015535 SUSE Bug 1015535 https://bugzilla.suse.com/1015536 SUSE Bug 1015536 https://bugzilla.suse.com/1015537 SUSE Bug 1015537 https://bugzilla.suse.com/1015538 SUSE Bug 1015538 https://bugzilla.suse.com/1015540 SUSE Bug 1015540 https://bugzilla.suse.com/1015541 SUSE Bug 1015541 https://bugzilla.suse.com/1015542 SUSE Bug 1015542 Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. CVE-2016-9898 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00013.html https://www.suse.com/security/cve/CVE-2016-9898.html CVE-2016-9898 https://bugzilla.suse.com/1015422 SUSE Bug 1015422 https://bugzilla.suse.com/1015527 SUSE Bug 1015527 https://bugzilla.suse.com/1015528 SUSE Bug 1015528 https://bugzilla.suse.com/1015529 SUSE Bug 1015529 https://bugzilla.suse.com/1015530 SUSE Bug 1015530 https://bugzilla.suse.com/1015531 SUSE Bug 1015531 https://bugzilla.suse.com/1015533 SUSE Bug 1015533 https://bugzilla.suse.com/1015534 SUSE Bug 1015534 https://bugzilla.suse.com/1015535 SUSE Bug 1015535 https://bugzilla.suse.com/1015536 SUSE Bug 1015536 https://bugzilla.suse.com/1015537 SUSE Bug 1015537 https://bugzilla.suse.com/1015538 SUSE Bug 1015538 https://bugzilla.suse.com/1015540 SUSE Bug 1015540 https://bugzilla.suse.com/1015541 SUSE Bug 1015541 https://bugzilla.suse.com/1015542 SUSE Bug 1015542 Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. CVE-2016-9899 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00013.html https://www.suse.com/security/cve/CVE-2016-9899.html CVE-2016-9899 https://bugzilla.suse.com/1015422 SUSE Bug 1015422 https://bugzilla.suse.com/1015527 SUSE Bug 1015527 https://bugzilla.suse.com/1015528 SUSE Bug 1015528 https://bugzilla.suse.com/1015529 SUSE Bug 1015529 https://bugzilla.suse.com/1015530 SUSE Bug 1015530 https://bugzilla.suse.com/1015531 SUSE Bug 1015531 https://bugzilla.suse.com/1015533 SUSE Bug 1015533 https://bugzilla.suse.com/1015534 SUSE Bug 1015534 https://bugzilla.suse.com/1015535 SUSE Bug 1015535 https://bugzilla.suse.com/1015536 SUSE Bug 1015536 https://bugzilla.suse.com/1015537 SUSE Bug 1015537 https://bugzilla.suse.com/1015538 SUSE Bug 1015538 https://bugzilla.suse.com/1015540 SUSE Bug 1015540 https://bugzilla.suse.com/1015541 SUSE Bug 1015541 https://bugzilla.suse.com/1015542 SUSE Bug 1015542 External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. CVE-2016-9900 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00013.html https://www.suse.com/security/cve/CVE-2016-9900.html CVE-2016-9900 https://bugzilla.suse.com/1015422 SUSE Bug 1015422 https://bugzilla.suse.com/1015527 SUSE Bug 1015527 https://bugzilla.suse.com/1015528 SUSE Bug 1015528 https://bugzilla.suse.com/1015529 SUSE Bug 1015529 https://bugzilla.suse.com/1015530 SUSE Bug 1015530 https://bugzilla.suse.com/1015531 SUSE Bug 1015531 https://bugzilla.suse.com/1015533 SUSE Bug 1015533 https://bugzilla.suse.com/1015534 SUSE Bug 1015534 https://bugzilla.suse.com/1015535 SUSE Bug 1015535 https://bugzilla.suse.com/1015536 SUSE Bug 1015536 https://bugzilla.suse.com/1015537 SUSE Bug 1015537 https://bugzilla.suse.com/1015538 SUSE Bug 1015538 https://bugzilla.suse.com/1015540 SUSE Bug 1015540 https://bugzilla.suse.com/1015541 SUSE Bug 1015541 https://bugzilla.suse.com/1015542 SUSE Bug 1015542 An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. CVE-2016-9904 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00013.html https://www.suse.com/security/cve/CVE-2016-9904.html CVE-2016-9904 https://bugzilla.suse.com/1015422 SUSE Bug 1015422 https://bugzilla.suse.com/1015527 SUSE Bug 1015527 https://bugzilla.suse.com/1015528 SUSE Bug 1015528 https://bugzilla.suse.com/1015529 SUSE Bug 1015529 https://bugzilla.suse.com/1015530 SUSE Bug 1015530 https://bugzilla.suse.com/1015531 SUSE Bug 1015531 https://bugzilla.suse.com/1015533 SUSE Bug 1015533 https://bugzilla.suse.com/1015534 SUSE Bug 1015534 https://bugzilla.suse.com/1015535 SUSE Bug 1015535 https://bugzilla.suse.com/1015536 SUSE Bug 1015536 https://bugzilla.suse.com/1015537 SUSE Bug 1015537 https://bugzilla.suse.com/1015538 SUSE Bug 1015538 https://bugzilla.suse.com/1015540 SUSE Bug 1015540 https://bugzilla.suse.com/1015541 SUSE Bug 1015541 https://bugzilla.suse.com/1015542 SUSE Bug 1015542 A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6. CVE-2016-9905 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00013.html https://www.suse.com/security/cve/CVE-2016-9905.html CVE-2016-9905 https://bugzilla.suse.com/1015422 SUSE Bug 1015422 https://bugzilla.suse.com/1015527 SUSE Bug 1015527 https://bugzilla.suse.com/1015528 SUSE Bug 1015528 https://bugzilla.suse.com/1015529 SUSE Bug 1015529 https://bugzilla.suse.com/1015530 SUSE Bug 1015530 https://bugzilla.suse.com/1015531 SUSE Bug 1015531 https://bugzilla.suse.com/1015533 SUSE Bug 1015533 https://bugzilla.suse.com/1015534 SUSE Bug 1015534 https://bugzilla.suse.com/1015535 SUSE Bug 1015535 https://bugzilla.suse.com/1015536 SUSE Bug 1015536 https://bugzilla.suse.com/1015537 SUSE Bug 1015537 https://bugzilla.suse.com/1015538 SUSE Bug 1015538 https://bugzilla.suse.com/1015540 SUSE Bug 1015540 https://bugzilla.suse.com/1015541 SUSE Bug 1015541 https://bugzilla.suse.com/1015542 SUSE Bug 1015542