openSUSE Security Update : MozillaThunderbird (openSUSE-2017-545)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update to MozillaThunderbird 51.1.0 fixes security issues and
bugs.

In general, these flaws cannot be exploited through email because
scripting is disabled when reading mail, but they are potential risks
in browser or browser-like contexts.

The following vulnerabilities were fixed (boo#1035082, MFSA 2017-13,
boo#1028391, MFSA 2017-09):

- CVE-2017-5443: Out-of-bounds write during BinHex
decoding

- CVE-2017-5429: Memory safety bugs fixed in Firefox 53,
Firefox ESR 45.9, and Firefox ESR 52.1

- CVE-2017-5464: Memory corruption with accessibility and
DOM manipulation

- CVE-2017-5465: Out-of-bounds read in ConvolvePixel

- CVE-2017-5466: Origin confusion when reloading isolated
data:text/html URL

- CVE-2017-5467: Memory corruption when drawing Skia
content

- CVE-2017-5460: Use-after-free in frame selection

- CVE-2017-5449: Crash during bidirectional unicode
manipulation with animation

- CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA
frames are sent with incorrect data

- CVE-2017-5447: Out-of-bounds read during glyph
processing

- CVE-2017-5444: Buffer overflow while parsing
application/http-index-format content

- CVE-2017-5445: Uninitialized values used while parsing
application/http-index-format content

- CVE-2017-5442: Use-after-free during style changes

- CVE-2017-5469: Potential Buffer overflow in
flex-generated code

- CVE-2017-5440: Use-after-free in txExecutionState
destructor during XSLT processing

- CVE-2017-5441: Use-after-free with selection during
scroll events

- CVE-2017-5439: Use-after-free in nsTArray Length()
during XSLT processing

- CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT
processing

- CVE-2017-5437: Vulnerabilities in Libevent library

- CVE-2017-5436: Out-of-bounds write with malicious font
in Graphite 2

- CVE-2017-5435: Use-after-free during transaction
processing in the editor

- CVE-2017-5434: Use-after-free during focus handling

- CVE-2017-5433: Use-after-free in SMIL animation
functions

- CVE-2017-5432: Use-after-free in text input selection

- CVE-2017-5430: Memory safety bugs fixed in Firefox 53
and Firefox ESR 52.1

- CVE-2017-5459: Buffer overflow in WebGL

- CVE-2017-5454: Sandbox escape allowing file system read
access through file picker

- CVE-2017-5451: Addressbar spoofing with onblur event

- CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP

- CVE-2017-5401: Memory Corruption when handling
ErrorResult

- CVE-2017-5402: Use-after-free working with events in
FontFace objects

- CVE-2017-5403: Use-after-free using addRange to add
range to an incorrect root object

- CVE-2017-5404: Use-after-free working with ranges in
selections

- CVE-2017-5406: Segmentation fault in Skia with canvas
operations

- CVE-2017-5407: Pixel and history stealing via
floating-point timing side channel with SVG filters

- CVE-2017-5410: Memory corruption during JavaScript
garbage collection incremental sweeping

- CVE-2017-5408: Cross-origin reading of video captions in
violation of CORS

- CVE-2017-5412: Buffer overflow read in SVG filters

- CVE-2017-5413: Segmentation fault during bidirectional
operations

- CVE-2017-5414: File picker can choose incorrect default
directory

- CVE-2017-5416: Null dereference crash in HttpChannel

- CVE-2017-5426: Gecko Media Plugin sandbox is not started
if seccomp-bpf filter is running

- CVE-2017-5418: Out of bounds read when parsing HTTP
digest authorization responses

- CVE-2017-5419: Repeated authentication prompts lead to
DOS attack

- CVE-2017-5405: FTP response codes can cause use of
uninitialized values for ports

- CVE-2017-5421: Print preview spoofing

- CVE-2017-5422: DOS attack by using view-source: protocol
repeatedly in one hyperlink

- CVE-2017-5399: Memory safety bugs fixed in Thunderbird
52

- CVE-2017-5398: Memory safety bugs fixed in Thunderbird
52 and Thunderbird 45.8

The following non-security changes are included :

- Background images not working and other issues related
to embedded images when composing email have been fixed

- Google Oauth setup can sometimes not progress to the
next step

- Clicking on a link in an email may not open this link in
the external browser

- addon blocklist updates

- enable ALSA for systems without PulseAudio

- Optionally remove corresponding data files when removing
an account

- Possibility to copy message filter

- Calendar: Event can now be created and edited in a tab

- Calendar: Processing of received invitation counter
proposals

- Chat: Support Twitter Direct Messages

- Chat: Liking and favoriting in Twitter

- Chat: Removed Yahoo! Messenger support

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1028391
https://bugzilla.opensuse.org/show_bug.cgi?id=1035082

Solution :

Update the affected MozillaThunderbird packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)