openSUSE-SU-2017:0688-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2017:0688-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2017:0688-1
Related
Published
2017-03-14T14:03:02Z
Modified
2017-03-14T14:03:02Z
Summary
Security update for MozillaThunderbird
Details

This update to Mozilla Thunderbird 45.8.0 fixes security issues and bugs.

The following security issues from advisory MFSA 2017-07 were fixed. (boo#1028391) In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts:

  • CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
  • CVE-2017-5401: Memory Corruption when handling ErrorResult
  • CVE-2017-5402: Use-after-free working with events in FontFace objects (bmo#1334876)
  • CVE-2017-5404: Use-after-free working with ranges in selections
  • CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters
  • CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping
  • CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
  • CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports (bmo#1336699)
  • CVE-2017-5398: Memory safety bugs fixed in Thunderbird 45.8

The following non-security issues were fixed:

  • crash when viewing certain IMAP messages
References

Affected packages

SUSE:Package Hub 12 / MozillaThunderbird

Package

Name
MozillaThunderbird
Purl
pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
45.8.0-27.1

Ecosystem specific

{
    "binaries": [
        {
            "MozillaThunderbird-buildsymbols": "45.8.0-27.1",
            "MozillaThunderbird": "45.8.0-27.1",
            "MozillaThunderbird-devel": "45.8.0-27.1",
            "MozillaThunderbird-translations-common": "45.8.0-27.1",
            "MozillaThunderbird-translations-other": "45.8.0-27.1"
        }
    ]
}