Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2017.0010 Multiple vulnerabilities have been identified in Mozilla prior to version 45.7 27 January 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Mozilla Thunderbird Operating System: Windows Linux variants Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Increased Privileges -- Remote with User Interaction Denial of Service -- Remote with User Interaction Provide Misleading Information -- Remote with User Interaction Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2017-5396 CVE-2017-5390 CVE-2017-5383 CVE-2017-5380 CVE-2017-5378 CVE-2017-5376 CVE-2017-5375 CVE-2017-5373 Member content until: Sunday, February 26 2017 Reference: ASB-2017.0007 ESB-2017.0225 ESB-2017.0224 OVERVIEW Multiple vulnerabilities have been identified in Mozilla Thunderbird prior to version 45.7. [1] IMPACT The vendor has provided the following information regarding these vulnerabilities: "#CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. #CVE-2017-5376: Use-after-free in XSL Use-after-free while manipulating XSL in XSLT documents #CVE-2017-5378: Pointer and frame data leakage of Javascript objects Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object’s address can be discovered through hash codes, and also allows for data leakage of an object’s content using these hash codes. #CVE-2017-5380: Potential use-after-free during DOM manipulations A potential use-after-free found through fuzzing during DOM manipulation of SVG content. #CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. #CVE-2017-5396: Use-after-free with Media Decoder A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. #CVE-2017-5383: Location bar spoofing with unicode characters URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. #CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7 Mozilla developers and community members Christian Holler, Gary Kwong, André Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Thunderbird 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code." [1] MITIGATION The vendor recommends updating to the latest version. [1] REFERENCES [1] Mozilla Foundation Security Advisory 2017-03 https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/ AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWIrKbox+lLeg9Ub1AQj5TRAAlhVbepqrSWHwh31/LxhKZVf0pkpNMRAE r97LFiS/mKWXa9bR07U49PJ4r7DI+S13euHeVDzeeF6ctTWSau1j1qLOFkawc3Z3 Ga9GoE4Nu93fZtqJ3ji0URfgyvLs5uz+2aW6c8TmTEQ6gWKd8WdJJMFNMHFphhzB 4q/5obtGux1j47RMbgseXxNkADL6lvu5Pmage6Il7KgHQTs0aGDRjCF6isNw6Jm0 qWS3DVIM6BFevBfJqEGkKy8h8lGgnb6FUuxtnYzYiqPh9MU4FkVBHLJROJRhPA40 tiett1F+REEYxCEvJEAnKJotyUBqRry+9ulhyrks4dQTC5lORuKXdl83HzIN3J11 JL3IoWxWj+CeI3iIVOIZR46TiVwg7xecVpcpRlStRNRLh+/oM0D1DInihR6YtnZc 8sDf3eo6ztrgY6CGbj3YhMeal4LHkMLJfHahN/yx1LKRYTL0medydhUb1I7snhWL Jcssc95biccVFxm3oOzf8VdaG3VdMiLb1JdMuRE2XUFKxsBlOaO9JhMFsGr6bbAt uZoFN1vj6n5W3cLt4jQYM6Bk3E7TVcKK6JvhwC8155cKdrqTRSjtuKL5225fRSfS Z59RAjqZ2TYEyhHTGSgf73/QQdjJ/ygJmRcN2M7pavNv64oKdrvts5d9XwHxo/Fz FPszgSO0w+Y= =kGqu -----END PGP SIGNATURE-----