CVE-2017-5398

HIGH

Description

Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

References

http://rhn.redhat.com/errata/RHSA-2017-0459.html

http://rhn.redhat.com/errata/RHSA-2017-0461.html

http://rhn.redhat.com/errata/RHSA-2017-0498.html

http://www.securityfocus.com/bid/96651

http://www.securitytracker.com/id/1037966

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1332550%2C1332597%2C1338383%2C1321612%2C1322971%2C1333568%2C1333887%2C1335450%2C1325052%2C1324379%2C1336510

https://security.gentoo.org/glsa/201705-06

https://security.gentoo.org/glsa/201705-07

https://www.debian.org/security/2017/dsa-3805

https://www.debian.org/security/2017/dsa-3832

https://www.mozilla.org/security/advisories/mfsa2017-05/

https://www.mozilla.org/security/advisories/mfsa2017-06/

https://www.mozilla.org/security/advisories/mfsa2017-07/

https://www.mozilla.org/security/advisories/mfsa2017-09/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2018-08-01

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

ID	Name	Product	Family	Severity
127347	NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0110)	Nessus	NewStart CGSL Local Security Checks	critical
101437	Virtuozzo 6 : thunderbird (VZLSA-2017-0498)	Nessus	Virtuozzo Local Security Checks	critical
101436	Virtuozzo 7 : firefox (VZLSA-2017-0461)	Nessus	Virtuozzo Local Security Checks	critical
101435	Virtuozzo 6 : firefox (VZLSA-2017-0459)	Nessus	Virtuozzo Local Security Checks	critical
100084	GLSA-201705-07 : Mozilla Thunderbird: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
100083	GLSA-201705-06 : Mozilla Firefox: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
100020	openSUSE Security Update : MozillaThunderbird (openSUSE-2017-545)	Nessus	SuSE Local Security Checks	critical
99893	EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1048)	Nessus	Huawei Local Security Checks	critical
99892	EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1047)	Nessus	Huawei Local Security Checks	critical
99545	Debian DSA-3832-1 : icedove - security update	Nessus	Debian Local Security Checks	critical
99442	Debian DLA-896-1 : icedove/thunderbird security update	Nessus	Debian Local Security Checks	critical
99121	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox regression (USN-3216-2)	Nessus	Ubuntu Local Security Checks	critical
97973	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : thunderbird vulnerabilities (USN-3233-1)	Nessus	Ubuntu Local Security Checks	critical
97832	SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2017:0732-1)	Nessus	SuSE Local Security Checks	critical
97825	SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2017:0714-1)	Nessus	SuSE Local Security Checks	critical
97756	CentOS 5 / 6 / 7 : thunderbird (CESA-2017:0498)	Nessus	CentOS Local Security Checks	critical
97751	Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
97749	Oracle Linux 6 / 7 : thunderbird (ELSA-2017-0498)	Nessus	Oracle Linux Local Security Checks	critical
97748	openSUSE Security Update : MozillaThunderbird (openSUSE-2017-345)	Nessus	SuSE Local Security Checks	critical
97747	openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2017-344)	Nessus	SuSE Local Security Checks	critical
97717	RHEL 5 / 6 / 7 : thunderbird (RHSA-2017:0498)	Nessus	Red Hat Local Security Checks	critical
97668	Debian DLA-852-1 : firefox-esr security update	Nessus	Debian Local Security Checks	critical
97663	Mozilla Thunderbird < 45.8 Multiple Vulnerabilities	Nessus	Windows	critical
97662	Mozilla Thunderbird < 45.8 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	critical
97643	Debian DSA-3805-1 : firefox-esr - security update	Nessus	Debian Local Security Checks	critical
97639	Mozilla Firefox < 52.0 Multiple Vulnerabilities	Nessus	Windows	critical
97638	Mozilla Firefox ESR < 45.8 Multiple Vulnerabilities	Nessus	Windows	critical
97637	Mozilla Firefox < 52.0 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	critical
97636	Mozilla Firefox ESR < 45.8 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	critical
97632	Scientific Linux Security Update : firefox on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	critical
97631	Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
97629	RHEL 7 : firefox (RHSA-2017:0461)	Nessus	Red Hat Local Security Checks	critical
97628	RHEL 5 / 6 : firefox (RHSA-2017:0459)	Nessus	Red Hat Local Security Checks	critical
97627	Oracle Linux 7 : firefox (ELSA-2017-0461)	Nessus	Oracle Linux Local Security Checks	critical
97626	Oracle Linux 5 / 6 : firefox (ELSA-2017-0459)	Nessus	Oracle Linux Local Security Checks	critical
97613	CentOS 7 : firefox (CESA-2017:0461)	Nessus	CentOS Local Security Checks	critical
97612	CentOS 5 / 6 : firefox (CESA-2017:0459)	Nessus	CentOS Local Security Checks	critical
97600	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox vulnerabilities (USN-3216-1)	Nessus	Ubuntu Local Security Checks	critical
97592	FreeBSD : mozilla -- multiple vulnerabilities (96eca031-1313-4daf-9be2-9d6e1c4f1eb5)	Nessus	FreeBSD Local Security Checks	critical
9987	Mozilla Firefox ESR < 45.8 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
9986	Mozilla Firefox < 52 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	critical