{"id":"MGASA-2017-0082","summary":"Updated thunderbird packages fix security vulnerability","details":"JIT-spray targeting asm.js combined with a heap spray allows for a bypass\nof ASLR and DEP protections leading to potential memory corruption\nattacks. (CVE-2017-5400)\n\nA crash triggerable by web content in which an ErrorResult references\nunassigned memory due to a logic error. The resulting crash may be\nexploitable. (CVE-2017-5401)\n\nA use-after-free can occur when events are fired for a FontFace object\nafter the object has been already been destroyed while working with fonts.\nThis results in a potentially exploitable crash. (CVE-2017-5402)\n\nA use-after-free error can occur when manipulating ranges in selections\nwith one node inside a native anonymous tree and one node outside of it.\nThis results in a potentially exploitable crash. (CVE-2017-5404)\n\nUsing SVG filters that don't use the fixed point math implementation on a\ntarget iframe, a malicious page can extract pixel values from a targeted\nuser. This can be used to extract history information and read text values\nacross domains. This violates same-origin policy and leads to information\ndisclosure. (CVE-2017-5407)\n\nMemory corruption resulting in a potentially exploitable crash during\ngarbage collection of JavaScript due errors in how incremental sweeping is\nmanaged for memory cleanup. (CVE-2017-5410)\n\nVideo files loaded video captions cross-origin without checking for the\npresence of CORS headers permitting such cross-origin use, leading to\npotential information disclosure for video captions. (CVE-2017-5408)\n\nCertain response codes in FTP connections can result in the use of\nuninitialized values for ports in FTP operations. (CVE-2017-5405)\n\nMozilla developers and community members Boris Zbarsky, Christian Holler,\nHonza Bambas, Jon Coppeard, Randell Jesup, André Bargull, Kan-Ru Chen, and\nNathan Froyd reported memory safety bugs present in Thunderbird 45.7. Some\nof these bugs showed evidence of memory corruption and we presume that\nwith enough effort that some of these could be exploited to run arbitrary\ncode. (CVE-2017-5398)\n","modified":"2026-04-16T01:48:59.169854540Z","published":"2017-03-23T21:21:35Z","upstream":["CVE-2017-5398","CVE-2017-5400","CVE-2017-5401","CVE-2017-5402","CVE-2017-5404","CVE-2017-5405","CVE-2017-5407","CVE-2017-5408","CVE-2017-5410"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0082.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20420"},{"type":"WEB","url":"https://www.mozilla.org/en-US/thunderbird/45.8.0/releasenotes/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"45.8.0-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0082.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"45.8.0-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0082.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}