Advisories ยป MGASA-2017-0180

Updated thunderbird packages fix security vulnerability and bugs

Publication date: 19 Jun 2017
Modification date: 19 Jun 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-5472 , CVE-2017-7749 , CVE-2017-7750 , CVE-2017-7751 , CVE-2017-7752 , CVE-2017-7754 , CVE-2017-7756 , CVE-2017-7757 , CVE-2017-7778 , CVE-2017-7758 , CVE-2017-7763 , CVE-2017-7764 , CVE-2017-7765 , CVE-2017-5470

Description

* Use-after-free using destroyed node when regenerating trees
  (CVE-2017-5472).
* Use-after-free during docshell reloading (CVE-2017-7749).
* Use-after-free with track elements (CVE-2017-7750).
* Use-after-free with content viewer listeners (CVE-2017-7751).
* Use-after-free with IME input (CVE-2017-7752).
* Out-of-bounds read in WebGL with ImageInfo object (CVE-2017-7754).
* Use-after-free and use-after-scope logging XHR header errors
  (CVE-2017-7756).
* Use-after-free in IndexedDB (CVE-2017-7757).
* Vulnerabilities in the Graphite 2 library (CVE-2017-7778).
* Out-of-bounds read in Opus encoder (CVE-2017-7758).
* Mac fonts render some unicode characters as spaces (CVE-2017-7763).
* Domain spoofing with combination of Canadian Syllabics and other unicode
  blocks (CVE-2017-7764).
* Mark of the Web bypass when saving executable files (CVE-2017-7765).
* Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2, and
  Thunderbird 52.2 (CVE-2017-5470).
* plus various bug fixes.

References

SRPMS

5/core