SB2017050803 - Red Hat update for Mozilla Thunderbird
Published: May 8, 2017
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 29 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2016-10195)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error in name_parse() function in evdns.c within libevent library before 2.1.6-beta. A remote attacker can trigger out-of-bounds read and gain access to sensitive system memory.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
2) Stack-based buffer overflow (CVE-ID: CVE-2016-10196)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error in evutil_parse_sockaddr_port() function in evutil.c within libevent library before 2.1.6-beta. A remote attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
3) Out-of-bounds read (CVE-ID: CVE-2016-10197)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error in search_make_new() function in evdns.c within libevent library before 2.1.6-beta. A remote attacker can trigger out-of-bounds read and gain access to sensitive system memory.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
4) Memory corruption (CVE-ID: CVE-2017-5429)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to memory corruption errors. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
5) Use-after-free (CVE-ID: CVE-2017-5432)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error during certain text input selection. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
6) Use-after-free (CVE-ID: CVE-2017-5433)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error in SMIL animation functions, when pointers to animation elements in an array are dropped from the animation controller while still in use. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
7) Use-after-free (CVE-ID: CVE-2017-5434)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when redirecting focus handling. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
8) Use-after-free (CVE-ID: CVE-2017-5435)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error during transaction processing in the editor during design mode interactions. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
9) Out-of-bounds write (CVE-ID: CVE-2017-5436)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error in the Graphite 2 library when processing Graphite fonts. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
10) Use-after-free (CVE-ID: CVE-2017-5438)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error during XSLT processing due to the result handler being held by a freed handler during handling. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
11) Use-after-free (CVE-ID: CVE-2017-5439)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error during XSLT processing due to poor handling of template parameters. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
12) Use-after-free (CVE-ID: CVE-2017-5440)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
13) Use-after-free (CVE-ID: CVE-2017-5441)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when holding a selection during scroll events. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
14) Use-after-free (CVE-ID: CVE-2017-5442)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error during changes in style when manipulating DOM elements. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
15) Out-of-bounds write (CVE-ID: CVE-2017-5443)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error while decoding improperly formed BinHex format archives. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
16) Buffer overflow (CVE-ID: CVE-2017-5444)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error while parsing application/http-index-format format content when the header contains improperly formatted data. A remote attacker can trigger buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
17) Information disclosure (CVE-ID: CVE-2017-5445)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error when parsing application/http-index-format format content where uninitialized values are used to create an array. A remote attacker can read portions of uninitialized memory.
Successful exploitation of the vulnerability may allow an attacker to gain access to potentially sensitive information.
18) Out-of-bounds read (CVE-ID: CVE-2017-5446)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when an HTTP/2 connection to a servers sends DATA frames with incorrect data content. A remote attacker can trigger out-of-bounds read and gain access to sensitive system memory.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
19) Out-of-bounds read (CVE-ID: CVE-2017-5447)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing glyph widths during text layout. A remote attacker can trigger out-of-bounds read and gain access to sensitive system memory.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
20) Improper input validation (CVE-ID: CVE-2017-5449)
The vulnerability allows a remote attacker to trigger browser crash.
The vulnerability exists due to improper input validation during layout and manipulation of bidirectional unicode text in concert with CSS animations.. A remote attacker can perform a denial of service (DoS) attack.
21) Address bar spoofing (CVE-ID: CVE-2017-5451)
The vulnerability allows a remote attacker to spoof browser address bar.
The vulnerability exists due to an error when processing onblur event. A remote attacker can spoof the addressbar through the user interaction on the addressbar and the onblur event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar.
This vulnerability affects only Firefox for Android.
22) Sendbox bypass (CVE-ID: CVE-2017-5454)
The vulnerability allows a remote attacker to read files from local filesystem.
The vulnerability exists due to an error in sendbox implementation. A remote attacker can use the file picker to access different files than those selected in the file picker through the use of relative paths.
Successful exploitation of the vulnerability may allow an attacker to read arbitrary files from the vulnerable system.
23) Buffer overflow (CVE-ID: CVE-2017-5459)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebGL implementation. A remote attacker can trigger buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
24) Use-after-free (CVE-ID: CVE-2017-5460)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error in frame selection triggered by a combination of malicious script content and key presses by a user. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
25) Memory corruption (CVE-ID: CVE-2017-5464)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to memory corruption during DOM manipulations of the accessibility tree through script. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
26) Out-of-bounds read (CVE-ID: CVE-2017-5465)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error while processing SVG content in ConvolvePixel. A remote attacker can trigger out-of-bounds read and gain access to sensitive system memory.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
27) Cross-site scripting (CVE-ID: CVE-2017-5466)
The vulnerability allows a remote attacker to perform XSS attacks.
The vulnerability exists due to origin confusion when reloading isolated data:text/html URL. If a page is loaded from an original site through a hyperlink and contains a redirect to a data:text/html URL, triggering a reload will run the reloaded data:text/html page with its origin set incorrectly.
Successful exploitation of this vulnerability may allow an attacker to gain access to potentially sensitive information from another domain.
28) Memory corruption (CVE-ID: CVE-2017-5467)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to memory corruption when using Skia content when drawing content outside of the bounds of a clipping region. A remote attacker can trigger memory corruption and cause browser crash.
29) Heap-based buffer overflow (CVE-ID: CVE-2016-6354)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error in yy_get_next_buffer() function in Flex before 2.6.1. A remote attacker can trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Remediation
Install update from vendor's website.