{"id":"MGASA-2018-0115","summary":"Updated thunderbird packages fix security vulnerability","details":"Integer overflow in Skia library during edge builder allocation.\n(CVE-2018-5095)\n\nUse-after-free while editing form elements. (CVE-2018-5096)\n\nUse-after-free when source document is manipulated during XSLT.\n(CVE-2018-5097)\n\nUse-after-free while manipulating form input elements. (CVE-2018-5098)\n\nUse-after-free with widget listener. (CVE-2018-5099)\n\nUse-after-free in HTML media elements. (CVE-2018-5102)\n\nUse-after-free during mouse event handling. (CVE-2018-5103)\n\nUse-after-free during font face manipulation. (CVE-2018-5104)\n\nURL spoofing with right-to-left text aligned left-to-right.\n(CVE-2018-5117)\n\nMemory safety bugs fixed in Firefox 58, Firefox ESR 52.6, and Thunderbird\n52.6. (CVE-2018-5089)\n","modified":"2026-02-02T11:27:12.913136Z","published":"2018-02-06T06:25:44Z","related":["CVE-2018-5089","CVE-2018-5095","CVE-2018-5096","CVE-2018-5097","CVE-2018-5098","CVE-2018-5099","CVE-2018-5102","CVE-2018-5103","CVE-2018-5104","CVE-2018-5117"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0115.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22470"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/thunderbird/52.6.0/releasenotes/"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.6.0-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0115.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.6.0-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0115.json"}},{"package":{"name":"thunderbird","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.6.0-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0115.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.6.0-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0115.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}