Red Hat update for Mozilla Thunderbird



| Updated: 2018-05-28
Risk High
Patch available YES
Number of vulnerabilities 12
CVE-ID CVE-2018-5150
CVE-2018-5154
CVE-2018-5155
CVE-2018-5159
CVE-2018-5161
CVE-2018-5162
CVE-2018-5168
CVE-2018-5170
CVE-2018-5178
CVE-2018-5183
CVE-2018-5184
CVE-2018-5185
CWE-ID CWE-119
CWE-416
CWE-20
CWE-200
CWE-264
CWE-451
CWE-120
Exploitation vector Network
Public exploit N/A
Vulnerable software
 Red Hat Enterprise Linux for IBM z Systems
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Power
Operating systems & Components / Operating system

Red Hat Enterprise Linux Desktop
Operating systems & Components / Operating system

Red Hat Enterprise Linux Workstation
Operating systems & Components / Operating system

Red Hat Enterprise Linux Server
Operating systems & Components / Operating system

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU12566

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-5150

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability result may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM z Systems: 6

Red Hat Enterprise Linux for Power: 6.7

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2018:1726


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free error

EUVDB-ID: #VU12528

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-5154

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error while enumerating attributes during SVG animations with clip paths. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability result may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM z Systems: 6

Red Hat Enterprise Linux for Power: 6.7

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2018:1726


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free error

EUVDB-ID: #VU12529

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-5155

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error while adjusting layout during SVG animations with text paths. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability result may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM z Systems: 6

Red Hat Enterprise Linux for Power: 6.7

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2018:1726


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory corruption

EUVDB-ID: #VU12530

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-5159

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to integer overflow in the Skia library while 32-bit integer use in an array without integer overflow checks. A remote attacker can trick the victim into visiting a specially crafted website, trigger out-of-bounds write and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability result may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM z Systems: 6

Red Hat Enterprise Linux for Power: 6.7

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2018:1726


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU12861

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-5161

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can use specially crafted message headers and cause a Thunderbird process to hang on receiving the message.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM z Systems: 6

Red Hat Enterprise Linux for Power: 6.7

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2018:1726


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU12866

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-5162

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can use the src attribute of remote images or links and disclose plaintext of decrypted emails.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM z Systems: 6

Red Hat Enterprise Linux for Power: 6.7

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2018:1726


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Security restrictions bypass

EUVDB-ID: #VU12551

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-5168

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper privileges or access controls. A remote attacker can manipulate the baseURI property of the theme element, bypass security restrictions and cause lightweight themes to be installed without user interaction which could contain offensive or embarrassing images.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM z Systems: 6

Red Hat Enterprise Linux for Power: 6.7

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2018:1726


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Spoofing attack

EUVDB-ID: #VU12867

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-5170

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to insufficient input validation of user-supplied input. A remote attacker can use external attachments, spoof the filename of an attachment and display an arbitrary attachment name.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM z Systems: 6

Red Hat Enterprise Linux for Power: 6.7

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2018:1726


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU12578

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-5178

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper bounds checking during UTF8 to Unicode string conversion. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM z Systems: 6

Red Hat Enterprise Linux for Power: 6.7

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2018:1726


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Memory corruption

EUVDB-ID: #VU12577

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-5183

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to multiple memory corruptions in the Skia library. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruptions and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM z Systems: 6

Red Hat Enterprise Linux for Power: 6.7

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2018:1726


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Information disclosure

EUVDB-ID: #VU12856

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-5184

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can use remote content in encrypted messages and disclose plaintext.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM z Systems: 6

Red Hat Enterprise Linux for Power: 6.7

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2018:1726


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Information disclosure

EUVDB-ID: #VU12868

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-5185

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can submit a specially crafted HTML form and disclose plaintext of decrypted emails.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM z Systems: 6

Red Hat Enterprise Linux for Power: 6.7

Red Hat Enterprise Linux Desktop: 6

Red Hat Enterprise Linux Workstation: 6

Red Hat Enterprise Linux Server: 6.0

CPE2.3 External links

https://access.redhat.com/errata/RHSA-2018:1726


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###