SB2024030402 - Ubuntu update for thunderbird
Published: March 4, 2024
Description
This security bulletin contains information about 17 security vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2024-0741)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error in ANGLE when processing untrusted input. A remote attacker can trick the victim into opening a specially crafted website, trigger an out-of-bounds write and execute arbitrary code on the target system.
2) Security features bypass (CVE-ID: CVE-2024-0742)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a failure to update the user input timestamp for certain browser prompts and dialogs. A remote attacker can perform a clickjacking attack and trick the victim into providing unintended permissions to a malicious website.
3) Security features bypass (CVE-ID: CVE-2024-0747)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error in the way the Content Security Policy handles the `unsafe-inline` directive. When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy.
4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-0749)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists because the application does not properly impose security restrictions. A phishing site could have repurposed an about: dialog to show phishing content with an incorrect origin in the address bar.
5) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2024-0750)
The vulnerability allows a remote attacker to perform a clickjacking attack.
The vulnerability exists due to an error in popup notifications delay calculation. A remote attacker can perform a clickjacking attack and trick a user into granting permissions to a malicious web application.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-0751)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions. A malicious devtools extension could have been used to escalate privileges.
7) Security features bypass (CVE-ID: CVE-2024-0753)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error when handling HSTS on a subdomain. In specific HSTS configurations, an attacker could have bypassed HSTS.
8) Buffer overflow (CVE-ID: CVE-2024-0755)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
9) Spoofing attack (CVE-ID: CVE-2024-1547)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can use a series of API calls and redirects to display an attacker-controlled alert dialog on another website (with the victim website's URL shown).
10) Spoofing attack (CVE-ID: CVE-2024-1548)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can hide the fullscreen notification by using a dropdown select input element.
11) Spoofing attack (CVE-ID: CVE-2024-1549)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can use a malicious website to set a large custom cursor, portions of which can overlap with the permission dialog, potentially resulting in user confusion and unexpectedly granted permissions.
12) Spoofing attack (CVE-ID: CVE-2024-1550)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can use a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and to the user inadvertently granting permissions they did not intend to grant.
13) Buffer overflow (CVE-ID: CVE-2024-1553)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
14) Reachable Assertion (CVE-ID: CVE-2024-0746)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when listing printers on Linux. A remote attacker can trick the victim into opening the print preview dialog and crash the browser.
15) Out-of-bounds read (CVE-ID: CVE-2024-1546)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when storing and re-accessing data on a networking channel. A remote attacker can trick the victim into visiting a specially crafted website, trigger an out-of-bounds read and execute arbitrary code on the target system.
16) Input validation error (CVE-ID: CVE-2024-1551)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input when processing Set-Cookie response headers in multipart HTTP responses. A remote attacker who controls the Content-Type response header and part of the response body can inject Set-Cookie response headers that are honored by the browser.
17) Resource management error (CVE-ID: CVE-2024-1552)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper management of internal resources within the browser during code generation on 32-bit ARM devices. A remote attacker can trick the victim into visiting a specially crafted website and bypass implemented security restrictions.
Remediation
Install the update from the vendor's website.