96694

1037966

https://bugzilla.mozilla.org/show_bug.cgi?id=1257361

https://www.mozilla.org/security/advisories/mfsa2017-05/

https://www.mozilla.org/security/advisories/mfsa2017-09/

This update to MozillaThunderbird 51.1.0 fixes security issues and bugs.

In general, these flaws cannot be exploited through email because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

The following vulnerabilities were fixed: boo#1035082, MFSA 2017-13, boo#1028391, MFSA 2017-09)

  - CVE-2017-5443: Out-of-bounds write during BinHex     decoding

  - CVE-2017-5429: Memory safety bugs fixed in Firefox 53,     Firefox ESR 45.9, and Firefox ESR 52.1

  - CVE-2017-5464: Memory corruption with accessibility and     DOM manipulation

  - CVE-2017-5465: Out-of-bounds read in ConvolvePixel

  - CVE-2017-5466: Origin confusion when reloading isolated     data:text/html URL

  - CVE-2017-5467: Memory corruption when drawing Skia     content

  - CVE-2017-5460: Use-after-free in frame selection

  - CVE-2017-5449: Crash during bidirectional unicode     manipulation with animation

  - CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA     frames are sent with incorrect data

  - CVE-2017-5447: Out-of-bounds read during glyph     processing

  - CVE-2017-5444: Buffer overflow while parsing     application/http-index-format content

  - CVE-2017-5445: Uninitialized values used while parsing     application/http-index-format content

  - CVE-2017-5442: Use-after-free during style changes

  - CVE-2017-5469: Potential Buffer overflow in     flex-generated code

  - CVE-2017-5440: Use-after-free in txExecutionState     destructor during XSLT processing

  - CVE-2017-5441: Use-after-free with selection during     scroll events

  - CVE-2017-5439: Use-after-free in nsTArray Length()     during XSLT processing

  - CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT     processing

  - CVE-2017-5437: Vulnerabilities in Libevent library

  - CVE-2017-5436: Out-of-bounds write with malicious font     in Graphite 2

  - CVE-2017-5435: Use-after-free during transaction     processing in the editor

  - CVE-2017-5434: Use-after-free during focus handling

  - CVE-2017-5433: Use-after-free in SMIL animation     functions

  - CVE-2017-5432: Use-after-free in text input selection

  - CVE-2017-5430: Memory safety bugs fixed in Firefox 53     and Firefox ESR 52.1

  - CVE-2017-5459: Buffer overflow in WebGL

  - CVE-2017-5454; Sandbox escape allowing file system read     access through file picker

  - CVE-2017-5451: Addressbar spoofing with onblur event

  - CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP

  - CVE-2017-5401: Memory Corruption when handling     ErrorResult

  - CVE-2017-5402: Use-after-free working with events in     FontFace objects

  - CVE-2017-5403: Use-after-free using addRange to add     range to an incorrect root object

  - CVE-2017-5404: Use-after-free working with ranges in     selections

  - CVE-2017-5406: Segmentation fault in Skia with canvas     operations 

  - CVE-2017-5407: Pixel and history stealing via     floating-point timing side channel with SVG filters

  - CVE-2017-5410: Memory corruption during JavaScript     garbage collection incremental sweeping

  - CVE-2017-5408: Cross-origin reading of video captions in     violation of CORS

  - CVE-2017-5412: Buffer overflow read in SVG filters

  - CVE-2017-5413: Segmentation fault during bidirectional     operations

  - CVE-2017-5414: File picker can choose incorrect default     directory

  - CVE-2017-5416: Null dereference crash in HttpChannel

  - CVE-2017-5426: Gecko Media Plugin sandbox is not started     if seccomp-bpf filter is running

  - CVE-2017-5418: Out of bounds read when parsing HTTP     digest authorization responses

  - CVE-2017-5419: Repeated authentication prompts lead to     DOS attack

  - CVE-2017-5405: FTP response codes can cause use of     uninitialized values for ports

  - CVE-2017-5421: Print preview spoofing

  - CVE-2017-5422: DOS attack by using view-source: protocol     repeatedly in one hyperlink

  - CVE-2017-5399: Memory safety bugs fixed in Thunderbird     52

  - CVE-2017-5398: Memory safety bugs fixed in Thunderbird     52 and Thunderbird 45.8

The following non-security changes are included :

  - Background images not working and other issues related     to embedded images when composing email have been fixed

  - Google Oauth setup can sometimes not progress to the     next step

  - Clicking on a link in an email may not open this link in     the external browser

  - addon blocklist updates

  - enable ALSA for systems without PulseAudio

  - Optionally remove corresponding data files when removing     an account

  - Possibility to copy message filter

  - Calendar: Event can now be created and edited in a tab

  - Calendar: Processing of received invitation counter     proposals

  - Chat: Support Twitter Direct Messages

  - Chat: Liking and favoriting in Twitter

  - Chat: Removed Yahoo! Messenger support

USN-3216-1 fixed vulnerabilities in Firefox. The update resulted in a startup crash when Firefox is used with XRDP. This update fixes the problem.

We apologize for the inconvenience.

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, spoof the addressbar, spoof the print dialog, cause a denial of service via application crash or hang, or execute arbitrary code. (CVE-2017-5398, CVE-2017-5399, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5403, CVE-2017-5404, CVE-2017-5405, CVE-2017-5406, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5412, CVE-2017-5413, CVE-2017-5414, CVE-2017-5415, CVE-2017-5416, CVE-2017-5417, CVE-2017-5418, CVE-2017-5419, CVE-2017-5420, CVE-2017-5421, CVE-2017-5422, CVE-2017-5426, CVE-2017-5427).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for MozillaFirefox and mozilla-nss fixes the following issues :

MozillaFirefox was updated to Firefox 52.0 (boo#1028391)

  - requires NSS >= 3.28.3

  - Pages containing insecure password fields now display a     warning directly within username and password fields.

  - Send and open a tab from one device to another with Sync

  - Removed NPAPI support for plugins other than Flash.
    Silverlight, Java, Acrobat and the like are no longer     supported.

  - Removed Battery Status API to reduce fingerprinting of     users by trackers

  - MFSA 2017-05 CVE-2017-5400: asm.js JIT-spray bypass of     ASLR and DEP (bmo#1334933) CVE-2017-5401: Memory     Corruption when handling ErrorResult (bmo#1328861)     CVE-2017-5402: Use-after-free working with events in     FontFace objects (bmo#1334876) CVE-2017-5403:
    Use-after-free using addRange to add range to an     incorrect root object (bmo#1340186) CVE-2017-5404:
    Use-after-free working with ranges in selections     (bmo#1340138) CVE-2017-5406: Segmentation fault in Skia     with canvas operations (bmo#1306890) CVE-2017-5407:
    Pixel and history stealing via floating-point timing     side channel with SVG filters (bmo#1336622)     CVE-2017-5410: Memory corruption during JavaScript     garbage collection incremental sweeping (bmo#1330687)     CVE-2017-5408: Cross-origin reading of video captions in     violation of CORS (bmo#1313711) CVE-2017-5412: Buffer     overflow read in SVG filters (bmo#1328323)     CVE-2017-5413: Segmentation fault during bidirectional     operations (bmo#1337504) CVE-2017-5414: File picker can     choose incorrect default directory (bmo#1319370)     CVE-2017-5415: Addressbar spoofing through blob URL     (bmo#1321719) CVE-2017-5416: Null dereference crash in     HttpChannel (bmo#1328121) CVE-2017-5417: Addressbar     spoofing by draging and dropping URLs (bmo#791597)     CVE-2017-5426: Gecko Media Plugin sandbox is not started     if seccomp-bpf filter is running (bmo#1257361)     CVE-2017-5427: Non-existent chrome.manifest file loaded     during startup (bmo#1295542) CVE-2017-5418: Out of     bounds read when parsing HTTP digest authorization     responses (bmo#1338876) CVE-2017-5419: Repeated     authentication prompts lead to DOS attack (bmo#1312243)     CVE-2017-5420: Javascript: URLs can obfuscate addressbar     location (bmo#1284395) CVE-2017-5405: FTP response codes     can cause use of uninitialized values for ports     (bmo#1336699) CVE-2017-5421: Print preview spoofing     (bmo#1301876) CVE-2017-5422: DOS attack by using     view-source: protocol repeatedly in one hyperlink     (bmo#1295002) CVE-2017-5399: Memory safety bugs fixed in     Firefox 52 CVE-2017-5398: Memory safety bugs fixed in     Firefox 52 and Firefox ESR 45.8

mozilla-nss was updated to NSS 3.28.3

  - This is a patch release to fix binary compatibility     issues. NSS version 3.28, 3.28.1 and 3.28.2 contained     changes that were in violation with the NSS     compatibility promise. ECParams, which is part of the     public API of the freebl/softokn parts of NSS, had been     changed to include an additional attribute. That size     increase caused crashes or malfunctioning with     applications that use that data structure directly, or     indirectly through ECPublicKey, ECPrivateKey,     NSSLOWKEYPublicKey, NSSLOWKEYPrivateKey, or potentially     other data structures that reference ECParams. The     change has been reverted to the original state in bug     bmo#1334108. SECKEYECPublicKey had been extended with a     new attribute, named 'encoding'. If an application     passed type SECKEYECPublicKey to NSS (as part of     SECKEYPublicKey), the NSS library read the uninitialized     attribute. With this NSS release     SECKEYECPublicKey.encoding is deprecated. NSS no longer     reads the attribute, and will always set it to     ECPoint_Undefined. See bug bmo#1340103.

  - requires NSPR >= 4.13.1

  - update to NSS 3.28.2 This is a stability and     compatibility release. Below is a summary of the     changes.

  - Fixed a NSS 3.28 regression in the signature scheme     flexibility that causes connectivity issues between iOS     8 clients and NSS servers with ECDSA certificates     (bmo#1334114)

  - Fixed a possible crash on some Windows systems     (bmo#1323150)

  - Fixed a compatibility issue with TLS clients that do not     provide a list of supported key exchange groups     (bmo#1330612)

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, spoof the addressbar, spoof the print dialog, cause a denial of service via application crash or hang, or execute arbitrary code. (CVE-2017-5398, CVE-2017-5399, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5403, CVE-2017-5404, CVE-2017-5405, CVE-2017-5406, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5412, CVE-2017-5413, CVE-2017-5414, CVE-2017-5415, CVE-2017-5416, CVE-2017-5417, CVE-2017-5418, CVE-2017-5419, CVE-2017-5420, CVE-2017-5421, CVE-2017-5422, CVE-2017-5426, CVE-2017-5427).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Mozilla Foundation reports :

Please reference CVE/URL list for details

ID	Name	Product	Family	Severity
100020	openSUSE Security Update : MozillaThunderbird (openSUSE-2017-545)	Nessus	SuSE Local Security Checks	critical
99121	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox regression (USN-3216-2)	Nessus	Ubuntu Local Security Checks	critical
97747	openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2017-344)	Nessus	SuSE Local Security Checks	critical
97600	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox vulnerabilities (USN-3216-1)	Nessus	Ubuntu Local Security Checks	critical
97592	FreeBSD : mozilla -- multiple vulnerabilities (96eca031-1313-4daf-9be2-9d6e1c4f1eb5)	Nessus	FreeBSD Local Security Checks	critical

CVE-2017-5426

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins