SB2018032824 - Gentoo update for Mozilla Thunderbird
Published: March 28, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 40 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2017-7753)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.The weakness exists due to out-of-bounds read when applying style rules to pseudo-elements, such as ::first-line, using cached style data. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
2) Memory corruption (CVE-ID: CVE-2017-7779)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to boundary error. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
3) Use-after-free error (CVE-ID: CVE-2017-7784)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error when reading an image observer during frame reconstruction after the observer has been freed. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
4) Buffer overflow (CVE-ID: CVE-2017-7785)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to buffer overflow when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
5) Buffer overflow (CVE-ID: CVE-2017-7786)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to buffer overflow when the image renderer attempts to paint non-displayable SVG elements. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
6) Information disclosure (CVE-ID: CVE-2017-7787)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.The weakness exists due to improper access controls. A remote attacker can trick the victim into visiting a specially crafted website, bypass same-origin policy protections on pages with embedded iframes during page reloads and access content on the top level page.
Successful exploitation of the vulnerability results in information disclosure.
7) Spoofing attack (CVE-ID: CVE-2017-7791)
The vulnerability allows a remote attacker to conduct spoofing attack on the target system.The weakness exists due to improper input validation. A remote attacker can trick the victim into visiting a specially crafted website and use iframe content and the 'data:' protocol to spoof the origin of a modal alert.
8) Buffer overflow (CVE-ID: CVE-2017-7792)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to buffer overflow when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
9) Use-after-free (CVE-ID: CVE-2017-7793)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error in the Fetch API when the worker or the associated window are freed when still in use. A remote unauthenticated attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Use-after-free error (CVE-ID: CVE-2017-7800)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error in WebSockets when the object holding the connection is freed before the disconnection operation is finished. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
11) Use-after-free error (CVE-ID: CVE-2017-7801)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error when recomputing layout for a marquee element during window resizing. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
12) Use-after-free error (CVE-ID: CVE-2017-7802)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error when manipulating the DOM during the resize event of an image element. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
13) Security restrictions bypass (CVE-ID: CVE-2017-7803)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.The weakness exists due to content security policy (CSP) directives being ignored. A remote attacker can trick the victim into visiting a specially crafted website and cause the incorrect enforcement of CSP.
14) Use-after-free (CVE-ID: CVE-2017-7805)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error during TLS 1.2 exchanges. A remote unauthenticated attacker can create a specially crafted web server, trick the victim into visiting it and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
15) Domain hijacking (CVE-ID: CVE-2017-7807)
The vulnerability allows a remote attacker to hijack the domain on the target system.The weakness exists due to improper access controls. A remote attacker can trick the victim into visiting a specially crafted website, invoke AppCache and hijack a URL in a domain.
16) Use-after-free error (CVE-ID: CVE-2017-7809)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
17) Memory corruption (CVE-ID: CVE-2017-7810)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The vulnerability exists due to improper bounds checking. A remote attacker can create a specially crafted web page, trick the victim into opening it and execute arbitrary code on the target system.
18) Blob and data URLs bypass phishing and malware protection warnings (CVE-ID: CVE-2017-7814)
The vulnerability allows a remote attacker to bypass phishing and malware protection warnings.File downloads encoded with
blob: and data: URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. 19) Use-after-free (CVE-ID: CVE-2017-7818)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. A remote unauthenticated attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
20) Use-after-free (CVE-ID: CVE-2017-7819)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. A remote unauthenticated attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
21) Cross-site scripting (CVE-ID: CVE-2017-7823)
The vulnerability allows a remote attacker to perform XSS attacks.The content security policy (CSP)
sandbox directive did not create a unique origin for the document, causing it to behave as if the allow-same-origin keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. 22) Buffer overflow (CVE-ID: CVE-2017-7824)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The vulnerability exists due to improper bounds checking when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks. A remote attacker can create a specially crafted web page, trick the victim into opening it and execute arbitrary code on the target system.
23) Domain name spoofing (CVE-ID: CVE-2017-7825)
The vulnerability allows a remote attacker to perform spoofing attack.Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks.
Note: This attack only affects OS X operating systems. Other operating systems are unaffected.
24) Buffer overflow (CVE-ID: CVE-2017-7826)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to unspecified boundary errors when processing web pages. A remote unauthenticated attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
25) Use-after-free (CVE-ID: CVE-2017-7828)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when flushing and resizing layout because the PressShell object has been freed while still in use. A remote unauthenticated attacker can create a specially crafted web page, trick the victim into opening it and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
26) Spoofing attack (CVE-ID: CVE-2017-7829)
The vulnerability allows a remote attacker to spoof browser address bar.
The vulnerability exists due to encoded null character is cut off in message header display. A remote attacker can spoof the sender's email address and display an arbitrary sender address to the email recipient.
27) Cross-origin information disclosure (CVE-ID: CVE-2017-7830)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error when processing cross-origin iframes in the Resource Timing API. A remote attacker can gain access to data, related to another URL.
28) Cross-site scripting (CVE-ID: CVE-2017-7846)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
29) Memory leak (CVE-ID: CVE-2017-7847)
The disclosed vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to leak of local path string from specially crafted CSS and RSS feed. A remote attacker can reveal local path strings, which may contain user name.
30) Spoofing attack (CVE-ID: CVE-2017-7848)
The disclosed vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to insufficient input validation of user-supplied values in HTTP parameters. A remote attacker can inject new lines into the created email structure via specially crafted RSS fields and modify the message body.
31) Memory corruption (CVE-ID: CVE-2018-5089)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger mmeory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
32) Integer overflow (CVE-ID: CVE-2018-5095)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to integer overflow in the Skia library when allocating memory for edge builders. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
33) Use-after-free error (CVE-ID: CVE-2018-5096)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error during WebRTC connections while editing events in form elements on a page. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
34) Use-after-free error (CVE-ID: CVE-2018-5097)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error during XSL transformations. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
35) Use-after-free error (CVE-ID: CVE-2018-5098)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error when manipulating form input elements. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
36) Use-after-free error (CVE-ID: CVE-2018-5099)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error in the widget listener. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
37) Use-after-free error (CVE-ID: CVE-2018-5102)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error when manipulating HTML media elements with media streams. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
38) Use-after-free error (CVE-ID: CVE-2018-5103)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error during mouse event handling. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
39) Use-after-free error (CVE-ID: CVE-2018-5104)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error during font face manipulation. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
40) Spoofing attack (CVE-ID: CVE-2018-5117)
The vulnerability allows a remote attacker to spoof browser address bar.
The vulnerability exists due to an error when right-to-left text is used in the addressbar with left-to-right alignment. A remote attacker can trick the victim into visiting a specially crafted website, and spoof the URL.
Remediation
Install update from vendor's website.