SB2018052420 - Red Hat update for Mozilla Thunderbird

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018052420

SB2018052420 - Red Hat update for Mozilla Thunderbird

Published: May 24, 2018 Updated: May 28, 2018

Security Bulletin ID SB2018052420
Severity
High
Patch available
YES
Number of vulnerabilities 12
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 12 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2018-5150)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability result may result in system compromise.

2) Use-after-free error (CVE-ID: CVE-2018-5154)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error while enumerating attributes during SVG animations with clip paths. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability result may result in system compromise.

3) Use-after-free error (CVE-ID: CVE-2018-5155)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error while adjusting layout during SVG animations with text paths. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability result may result in system compromise.

4) Memory corruption (CVE-ID: CVE-2018-5159)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to integer overflow in the Skia library while 32-bit integer use in an array without integer overflow checks. A remote attacker can trick the victim into visiting a specially crafted website, trigger out-of-bounds write and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability result may result in system compromise.

5) Improper input validation (CVE-ID: CVE-2018-5161)

The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can use specially crafted message headers and cause a Thunderbird process to hang on receiving the message.


6) Information disclosure (CVE-ID: CVE-2018-5162)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can use the src attribute of remote images or links and disclose plaintext of decrypted emails.

7) Security restrictions bypass (CVE-ID: CVE-2018-5168)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper privileges or access controls. A remote attacker can manipulate the baseURI property of the theme element, bypass security restrictions and cause lightweight themes to be installed without user interaction which could contain offensive or embarrassing images.

8) Spoofing attack (CVE-ID: CVE-2018-5170)

The disclosed vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to insufficient input validation of user-supplied input. A remote attacker can use external attachments, spoof the filename of an attachment and display an arbitrary attachment name.


9) Buffer overflow (CVE-ID: CVE-2018-5178)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to improper bounds checking during UTF8 to Unicode string conversion. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.


10) Memory corruption (CVE-ID: CVE-2018-5183)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to multiple memory corruptions in the Skia library. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruptions and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.


11) Information disclosure (CVE-ID: CVE-2018-5184)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can use remote content in encrypted messages and disclose plaintext.

12) Information disclosure (CVE-ID: CVE-2018-5185)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can submit a specially crafted HTML form and disclose plaintext of decrypted emails.

Remediation

Install update from vendor's website.

References