Security update for MozillaThunderbird SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:0687-1 Final 1 1 2017-03-14T14:03:02Z current 2017-03-14T14:03:02Z 2017-03-14T14:03:02Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaThunderbird This update to Mozilla Thunderbird 45.8.0 fixes security issues and bugs. The following security issues from advisory MFSA 2017-07 were fixed. (boo#1028391) In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts: - CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP - CVE-2017-5401: Memory Corruption when handling ErrorResult - CVE-2017-5402: Use-after-free working with events in FontFace objects (bmo#1334876) - CVE-2017-5404: Use-after-free working with ranges in selections - CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters - CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping - CVE-2017-5408: Cross-origin reading of video captions in violation of CORS - CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports (bmo#1336699) - CVE-2017-5398: Memory safety bugs fixed in Thunderbird 45.8 The following non-security issues were fixed: - crash when viewing certain IMAP messages The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2017-345 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1028391 SUSE Bug 1028391 https://www.suse.com/security/cve/CVE-2017-5398/ SUSE CVE CVE-2017-5398 page https://www.suse.com/security/cve/CVE-2017-5400/ SUSE CVE CVE-2017-5400 page https://www.suse.com/security/cve/CVE-2017-5401/ SUSE CVE CVE-2017-5401 page https://www.suse.com/security/cve/CVE-2017-5402/ SUSE CVE CVE-2017-5402 page https://www.suse.com/security/cve/CVE-2017-5404/ SUSE CVE CVE-2017-5404 page https://www.suse.com/security/cve/CVE-2017-5405/ SUSE CVE CVE-2017-5405 page https://www.suse.com/security/cve/CVE-2017-5407/ SUSE CVE CVE-2017-5407 page https://www.suse.com/security/cve/CVE-2017-5408/ SUSE CVE CVE-2017-5408 page https://www.suse.com/security/cve/CVE-2017-5410/ SUSE CVE CVE-2017-5410 page SUSE Package Hub 12 MozillaThunderbird-45.8.0-27.1 MozillaThunderbird-buildsymbols-45.8.0-27.1 MozillaThunderbird-devel-45.8.0-27.1 MozillaThunderbird-translations-common-45.8.0-27.1 MozillaThunderbird-translations-other-45.8.0-27.1 MozillaThunderbird-45.8.0-27.1 as a component of SUSE Package Hub 12 MozillaThunderbird-buildsymbols-45.8.0-27.1 as a component of SUSE Package Hub 12 MozillaThunderbird-devel-45.8.0-27.1 as a component of SUSE Package Hub 12 MozillaThunderbird-translations-common-45.8.0-27.1 as a component of SUSE Package Hub 12 MozillaThunderbird-translations-other-45.8.0-27.1 as a component of SUSE Package Hub 12 Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. CVE-2017-5398 SUSE Package Hub 12:MozillaThunderbird-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-devel-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-translations-common-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-translations-other-45.8.0-27.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5398.html CVE-2017-5398 https://bugzilla.suse.com/1028391 SUSE Bug 1028391 https://bugzilla.suse.com/1028393 SUSE Bug 1028393 JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. CVE-2017-5400 SUSE Package Hub 12:MozillaThunderbird-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-devel-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-translations-common-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-translations-other-45.8.0-27.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5400.html CVE-2017-5400 https://bugzilla.suse.com/1028391 SUSE Bug 1028391 https://bugzilla.suse.com/1028393 SUSE Bug 1028393 A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. CVE-2017-5401 SUSE Package Hub 12:MozillaThunderbird-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-devel-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-translations-common-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-translations-other-45.8.0-27.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5401.html CVE-2017-5401 https://bugzilla.suse.com/1028391 SUSE Bug 1028391 https://bugzilla.suse.com/1028393 SUSE Bug 1028393 A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. CVE-2017-5402 SUSE Package Hub 12:MozillaThunderbird-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-devel-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-translations-common-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-translations-other-45.8.0-27.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5402.html CVE-2017-5402 https://bugzilla.suse.com/1028391 SUSE Bug 1028391 https://bugzilla.suse.com/1028393 SUSE Bug 1028393 A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. CVE-2017-5404 SUSE Package Hub 12:MozillaThunderbird-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-devel-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-translations-common-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-translations-other-45.8.0-27.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5404.html CVE-2017-5404 https://bugzilla.suse.com/1028391 SUSE Bug 1028391 https://bugzilla.suse.com/1028393 SUSE Bug 1028393 Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. CVE-2017-5405 SUSE Package Hub 12:MozillaThunderbird-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-devel-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-translations-common-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-translations-other-45.8.0-27.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5405.html CVE-2017-5405 https://bugzilla.suse.com/1028391 SUSE Bug 1028391 https://bugzilla.suse.com/1028393 SUSE Bug 1028393 Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. CVE-2017-5407 SUSE Package Hub 12:MozillaThunderbird-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-devel-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-translations-common-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-translations-other-45.8.0-27.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5407.html CVE-2017-5407 https://bugzilla.suse.com/1028391 SUSE Bug 1028391 https://bugzilla.suse.com/1028393 SUSE Bug 1028393 Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. CVE-2017-5408 SUSE Package Hub 12:MozillaThunderbird-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-devel-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-translations-common-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-translations-other-45.8.0-27.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5408.html CVE-2017-5408 https://bugzilla.suse.com/1028391 SUSE Bug 1028391 https://bugzilla.suse.com/1028393 SUSE Bug 1028393 Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. CVE-2017-5410 SUSE Package Hub 12:MozillaThunderbird-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-devel-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-translations-common-45.8.0-27.1 SUSE Package Hub 12:MozillaThunderbird-translations-other-45.8.0-27.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5410.html CVE-2017-5410 https://bugzilla.suse.com/1028391 SUSE Bug 1028391 https://bugzilla.suse.com/1028393 SUSE Bug 1028393