{"id":"MGASA-2017-0006","summary":"Updated thunderbird packages fix security vulnerabilities","details":"Use-after-free while manipulating DOM events and removing audio elements\ndue to errors in the handling of node adoption (CVE-2016-9899).\n\nEvent handlers on marquee elements were executed despite a strict\nContent Security Policy (CSP) that disallowed inline JavaScript\n(CVE-2016-9895).\n\nMemory corruption resulting in a potentially exploitable crash during\nWebGL functions using a vector constructor with a varying array within\nlibGLES (CVE-2016-9897).\n\nUse-after-free resulting in potentially exploitable crash when\nmanipulating DOM subtrees in the Editor (CVE-2016-9898).\n\nExternal resources that should be blocked when loaded by SVG images can\nbypass security restrictions through the use of data: URLs. This could\nallow for cross-domain data leakage (CVE-2016-9900).\n\nAn attacker could use a JavaScript Map/Set timing attack to determine\nwhether an atom is used by another compartment/zone in specific\ncontexts. This could be used to leak information, such as usernames\nembedded in JavaScript code, across websites (CVE-2016-9904).\n\nA potentially exploitable crash in EnumerateSubDocuments while adding or\nremoving sub-documents (CVE-2016-9905).\n\nMozilla developers and community members Jan de Mooij, Iris Hsiao,\nChristian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli\nPettay, Raymond Forbes, and Boris Zbarsky reported memory safety bugs\npresent in Thunderbird ESR 45.6. Some of these bugs showed evidence\nof memory corruption and we presume that with enough effort that some of\nthese could be exploited to run arbitrary code (CVE-2016-9893).\n","modified":"2026-03-25T17:45:27.338377Z","published":"2017-01-06T08:28:18Z","related":["CVE-2016-9893","CVE-2016-9895","CVE-2016-9897","CVE-2016-9898","CVE-2016-9899","CVE-2016-9900","CVE-2016-9904","CVE-2016-9905"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0006.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20003"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/thunderbird/45.6.0/releasenotes/"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/"},{"type":"REPORT","url":"https://rhn.redhat.com/errata/RHSA-2016-2973.html"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"45.6.0-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0006.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"45.6.0-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0006.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}