Advisories » MGASA-2017-0039

Updated thunderbird packages fix security vulnerabilities

Publication date: 03 Feb 2017
Modification date: 03 Feb 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-5375 , CVE-2017-5376 , CVE-2017-5378 , CVE-2017-5380 , CVE-2017-5390 , CVE-2017-5396 , CVE-2017-5383 , CVE-2017-5373

Description

JIT code allocation can allow for a bypass of ASLR and DEP protections
leading to potential memory corruption attacks. (CVE-2017-5375)

Use-after-free while manipulating XSL in XSLT documents. (CVE-2017-5376)

Hashed codes of JavaScript objects are shared between pages. This allows
for pointer leaks because an object’s address can be discovered through
hash codes, and also allows for data leakage of an object’s content
using these hash codes. (CVE-2017-5378)

A potential use-after-free found through fuzzing during DOM manipulation
of SVG content. (CVE-2017-5380)

The JSON viewer in the Developer Tools uses insecure methods to create a
communication channel for copying and viewing JSON or HTTP headers data,
allowing for potential privilege escalation. (CVE-2017-5390)

A use-after-free vulnerability in the Media Decoder when working with
media files when some events are fired after the media elements are
freed from memory. (CVE-2017-5396)

URLs containing certain unicode glyphs for alternative hyphens and
quotes do not properly trigger punycode display, allowing for domain
name spoofing attacks in the location bar. (CVE-2017-5383)

Mozilla developers and community members Christian Holler, Gary Kwong,
André Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory
safety bugs present in Thunderbird 45.6. Some of these bugs showed
evidence of memory corruption and we presume that with enough effort
that some of these could be exploited to run arbitrary code.
(CVE-2017-5373)

References

SRPMS

5/core