Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Important: thunderbird security update

Related Vulnerabilities: CVE-2017-5373   CVE-2017-5375   CVE-2017-5376   CVE-2017-5378   CVE-2017-5380   CVE-2017-5383   CVE-2017-5390   CVE-2017-5396   CVE-2017-5373   CVE-2017-5375   CVE-2017-5376   CVE-2017-5378   CVE-2017-5380   CVE-2017-5390   CVE-2017-5396   CVE-2017-5383   CVE-2017-5378   CVE-2017-5396   CVE-2017-5380   CVE-2017-5383   CVE-2017-5373   CVE-2017-5375   CVE-2017-5376   CVE-2017-5390  

Source

Synopsis

Important: thunderbird security update

Type/Severity

Security Advisory: Important

Topic

An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red
Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Description

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 45.7.0.

Security Fix(es):

  • Multiple flaws were found in the processing of malformed web content. A web
    page containing malicious content could cause Thunderbird to crash or,
    potentially, execute arbitrary code with the privileges of the user running
    Thunderbird. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378,
    CVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Jann Horn, Filipe Gomes, Nils, Armin Razmjou, Christian
Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0,
Nicolas Gregoire, and Jerri Rice as the original reporters.

Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take
effect.

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 7.6 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 7.5 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 7.4 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 7.3 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.3 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.4 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.3 ppc64le
  • Red Hat Enterprise Linux Server - TUS 7.6 x86_64
  • Red Hat Enterprise Linux Server - TUS 7.3 x86_64
  • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
  • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.4 ppc64le
  • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.3 ppc64le
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.4 x86_64
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.3 x86_64

Fixes

  • BZ - 1415924 - CVE-2017-5373 Mozilla: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (MFSA 2017-01)
  • BZ - 1416271 - CVE-2017-5375 Mozilla: Excessive JIT code allocation allows bypass of ASLR and DEP (MFSA 2017-02)
  • BZ - 1416272 - CVE-2017-5376 Mozilla: Use-after-free in XSL (MFSA 2017-02)
  • BZ - 1416273 - CVE-2017-5378 Mozilla: Pointer and frame data leakage of Javascript objects (MFSA 2017-02)
  • BZ - 1416274 - CVE-2017-5380 Mozilla: Potential use-after-free during DOM manipulations (MFSA 2017-02)
  • BZ - 1416279 - CVE-2017-5390 Mozilla: Insecure communication methods in Developer Tools JSON viewer (MFSA 2017-02)
  • BZ - 1416280 - CVE-2017-5396 Mozilla: Use-after-free with Media Decoder (MFSA 2017-02)
  • BZ - 1416281 - CVE-2017-5383 Mozilla: Location bar spoofing with unicode characters (MFSA 2017-02)

CVEs

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started