Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2017.0010
Multiple vulnerabilities have been identified in Mozilla
prior to version 45.7
27 January 2017
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Mozilla Thunderbird
Operating System: Windows
Linux variants
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Increased Privileges -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Provide Misleading Information -- Remote with User Interaction
Reduced Security -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2017-5396 CVE-2017-5390 CVE-2017-5383
CVE-2017-5380 CVE-2017-5378 CVE-2017-5376
CVE-2017-5375 CVE-2017-5373
Member content until: Sunday, February 26 2017
Reference: ASB-2017.0007
ESB-2017.0225
ESB-2017.0224
OVERVIEW
Multiple vulnerabilities have been identified in Mozilla Thunderbird
prior to version 45.7. [1]
IMPACT
The vendor has provided the following information regarding these
vulnerabilities:
"#CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR
and DEP
JIT code allocation can allow for a bypass of ASLR and DEP
protections leading to potential memory corruption attacks.
#CVE-2017-5376: Use-after-free in XSL
Use-after-free while manipulating XSL in XSLT documents
#CVE-2017-5378: Pointer and frame data leakage of Javascript objects
Hashed codes of JavaScript objects are shared between pages. This
allows for pointer leaks because an object’s address can be
discovered through hash codes, and also allows for data leakage of
an object’s content using these hash codes.
#CVE-2017-5380: Potential use-after-free during DOM manipulations
A potential use-after-free found through fuzzing during DOM
manipulation of SVG content.
#CVE-2017-5390: Insecure communication methods in Developer Tools
JSON viewer
The JSON viewer in the Developer Tools uses insecure methods to
create a communication channel for copying and viewing JSON or HTTP
headers data, allowing for potential privilege escalation.
#CVE-2017-5396: Use-after-free with Media Decoder
A use-after-free vulnerability in the Media Decoder when working
with media files when some events are fired after the media elements
are freed from memory.
#CVE-2017-5383: Location bar spoofing with unicode characters
URLs containing certain unicode glyphs for alternative hyphens and
quotes do not properly trigger punycode display, allowing for domain
name spoofing attacks in the location bar.
#CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7
Mozilla developers and community members Christian Holler, Gary
Kwong, André Bargull, Jan de Mooij, Tom Schuster, and Oriol reported
memory safety bugs present in Thunderbird 45.6. Some of these bugs
showed evidence of memory corruption and we presume that with enough
effort that some of these could be exploited to run arbitrary code."
[1]
MITIGATION
The vendor recommends updating to the latest version. [1]
REFERENCES
[1] Mozilla Foundation Security Advisory 2017-03
https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWIrKbox+lLeg9Ub1AQj5TRAAlhVbepqrSWHwh31/LxhKZVf0pkpNMRAE
r97LFiS/mKWXa9bR07U49PJ4r7DI+S13euHeVDzeeF6ctTWSau1j1qLOFkawc3Z3
Ga9GoE4Nu93fZtqJ3ji0URfgyvLs5uz+2aW6c8TmTEQ6gWKd8WdJJMFNMHFphhzB
4q/5obtGux1j47RMbgseXxNkADL6lvu5Pmage6Il7KgHQTs0aGDRjCF6isNw6Jm0
qWS3DVIM6BFevBfJqEGkKy8h8lGgnb6FUuxtnYzYiqPh9MU4FkVBHLJROJRhPA40
tiett1F+REEYxCEvJEAnKJotyUBqRry+9ulhyrks4dQTC5lORuKXdl83HzIN3J11
JL3IoWxWj+CeI3iIVOIZR46TiVwg7xecVpcpRlStRNRLh+/oM0D1DInihR6YtnZc
8sDf3eo6ztrgY6CGbj3YhMeal4LHkMLJfHahN/yx1LKRYTL0medydhUb1I7snhWL
Jcssc95biccVFxm3oOzf8VdaG3VdMiLb1JdMuRE2XUFKxsBlOaO9JhMFsGr6bbAt
uZoFN1vj6n5W3cLt4jQYM6Bk3E7TVcKK6JvhwC8155cKdrqTRSjtuKL5225fRSfS
Z59RAjqZ2TYEyhHTGSgf73/QQdjJ/ygJmRcN2M7pavNv64oKdrvts5d9XwHxo/Fz
FPszgSO0w+Y=
=kGqu
-----END PGP SIGNATURE-----