SB2018070907 - OpenSUSE Linux update for Mozilla Thunderbird

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018070907

SB2018070907 - OpenSUSE Linux update for Mozilla Thunderbird

Published: July 9, 2018

Security Bulletin ID SB2018070907
Severity
High
Patch available
YES
Number of vulnerabilities 11
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 45% Low 55%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 11 secuirty vulnerabilities.


1) Memory corruption (CVE-ID: CVE-2018-12359)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to buffer overflow when rendering canvas content while adjusting the height and width of the <canvas> element dynamically. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger out-of-bounds write and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Use-after-free error (CVE-ID: CVE-2018-12360)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to use-after-free vulnerability when deleting an input element during a mutation event handler triggered by focusing that element. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Integer overflow (CVE-ID: CVE-2018-12362)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


4) Use-after-free error (CVE-ID: CVE-2018-12363)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to use-after-free error when script uses mutation events to move DOM nodes between documents. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


5) Cross-site request forgery (CVE-ID: CVE-2018-12364)

The vulnerability allows a remote attacker to perform CSRF attack.

The weakness exists due to insufficient CSRF protections. A remote attacker can use NPAPI plugins, such as Adobe Flash, send non-simple cross-origin requests, make a same-origin POST that does a 307 redirect to the target site, bypass CORS and conduct cross-site request forgery (CSRF) attacks.

6) Information disclosure (CVE-ID: CVE-2018-12365)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to a compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. A remote attacker can gain access to private local files.

7) Out-of-bounds read (CVE-ID: CVE-2018-12366)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to an invalid grid size during QCMS (color profile) transformations. A remote attacker can trigger out-of-bounds read interpreted as a float value and access private data from the output.

8) Memory leak (CVE-ID: CVE-2018-12372)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. A remote attacker can trigger memory leak and gain access to arbitrary data.


9) Memory leak (CVE-ID: CVE-2018-12373)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to dDecrypted S/MIME parts hidden with CSS or <plaintext> can leak plaintext when included in a HTML reply/forward. A remote attacker can trigger memory leak and gain access to arbitrary data.


10) Memory leak (CVE-ID: CVE-2018-12374)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to plaintext of decrypted emails can leak through. A remote attacker can submit an embedded form by press enter key within a text input field, submit an embedded form, trigger memory leak and gain access to arbitrary data.


11) Memory corruption (CVE-ID: CVE-2018-5188)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when handling malicious input. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Install update from vendor's website.

References