[manjaro-security] [ASA-201810-13] thunderbird: multiple issues
Santiago Torres-Arias
santiago at archlinux.org
Fri Oct 19 19:56:41 CEST 2018
Arch Linux Security Advisory ASA-201810-13
==========================================
Severity: Critical
Date : 2018-10-18
CVE-ID : CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379
CVE-2018-12383 CVE-2018-12385
Package : thunderbird
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-782
Summary
=======
The package thunderbird before version 60.2.1-1 is vulnerable to
multiple issues including arbitrary code execution and information
disclosure.
Resolution
==========
Upgrade to 60.2.1-1.
# pacman -Syu "thunderbird>=60.2.1-1"
The problems have been fixed upstream in version 60.2.1.
Workaround
==========
None.
Description
===========
- CVE-2018-12376 (arbitrary code execution)
Several memory safety bugs have been found in Thunderbird versions
prior to 60.2.1.
- CVE-2018-12377 (arbitrary code execution)
A use-after-free vulnerability has been found in Thunderbird versions
prior to 60.2.1, which can occur when refresh driver timers are
refreshed in some circumstances during shutdown when the timer is
deleted while still in use. This results in a potentially exploitable
crash.
- CVE-2018-12378 (arbitrary code execution)
A use-after-free vulnerability has been found in Thunderbird versions
prior to 60.2.1, which can occur when an IndexedDB index is deleted
while still in use by JavaScript code that is providing payload values
to be stored. This results in a potentially exploitable crash.
- CVE-2018-12379 (arbitrary code execution)
A security issue has been found in Thunderbird versions prior to
60.2.1. When the Mozilla Updater opens a MAR format file which contains
a very long item filename, an out-of-bounds write can be triggered,
leading to a potentially exploitable crash. This requires running the
Mozilla Updater manually on the local system with the malicious MAR
file in order to occur.
- CVE-2018-12383 (information disclosure)
A security issue has been found in Thunderbird versions prior to
60.2.1. If a user saved passwords before the move to a new password
format and then later set a master password, an unencrypted copy of
these passwords is still accessible. This is because the older stored
password file was not deleted when the data was copied to a new format.
The new master password is added only on the new file. This could allow
the exposure of stored password data outside of user expectations.
- CVE-2018-12385 (arbitrary code execution)
A security issue has been found in Thunderbird versions prior to
60.2.1. A potentially exploitable crash in TransportSecurityInfo used
for SSL can be triggered by data stored in the local cache in the user
profile directory. This issue is only exploitable in combination with
another vulnerability allowing an attacker to write data into the local
cache or from locally installed malware.
Impact
======
A remote attacker can access sensitive information or execute arbitrary
code on the affected host.
References
==========
https://bugs.archlinux.org/task/60424
https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12376
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1469309%2C1469914%2C1450989%2C1480092%2C1480517%2C1481093%2C1478575%2C1471953%2C1473161%2C1466991%2C1468738%2C1483120%2C1467363%2C1472925%2C1466577%2C1467889%2C1480521%2C1478849
https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12377
https://bugzilla.mozilla.org/show_bug.cgi?id=1470260
https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12378
https://bugzilla.mozilla.org/show_bug.cgi?id=1459383
https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12379
https://bugzilla.mozilla.org/show_bug.cgi?id=1473113
https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12383
https://bugzilla.mozilla.org/show_bug.cgi?id=1475775
https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12385
https://bugzilla.mozilla.org/show_bug.cgi?id=1490585
https://security.archlinux.org/CVE-2018-12376
https://security.archlinux.org/CVE-2018-12377
https://security.archlinux.org/CVE-2018-12378
https://security.archlinux.org/CVE-2018-12379
https://security.archlinux.org/CVE-2018-12383
https://security.archlinux.org/CVE-2018-12385
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.manjaro.org/pipermail/manjaro-security/attachments/20181019/2b0dbeee/attachment.sig>
More information about the manjaro-security
mailing list