SecurityTracker.com
SecurityTracker
Archives
Category:   Application (E-mail Client)  >   Mozilla Thunderbird
Vendors:   Mozilla.org
(Red Hat Issues Fix for Mozilla Thunderbird) Mozilla Firefox Multiple Flaws Let Remote Users Bypass Security Restrictions, Obtain Potentially Sensitive Information, and Execute Arbitrary Code
SecurityTracker Alert ID:  1037511
SecurityTracker URL:  http://securitytracker.com/id/1037511
CVE Reference:   CVE-2016-9893, CVE-2016-9895, CVE-2016-9899, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9905 (CVE-2016-9905 is listed in the Red Hat advisory below)   (Links to External Site)
Date:  Dec 21 2016
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Multiple vulnerabilities were reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can bypass security controls on the target system. A remote user can obtain potentially sensitive information on the target system. A remote user can conduct cross-site scripting attacks. Mozilla Thunderbird is affected.

A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A buffer overflow may occur in SkiaGl when a GrGLBuffer is truncated during allocation [CVE-2016-9894]. Mozilla ESR is not affected.

A use-after-free memory error may occur when manipulating DOM events and removing audio elements [CVE-2016-9899].

A use-after-free may occur in WebVR [CVE-2016-9896]. Mozilla ESR is not affected.

A memory corruption error may occur in libGLES [CVE-2016-9897].

A use-after-free memory error may occur when manipulating DOM subtrees in the Editor [CVE-2016-9898].

Other code execution errors may occur [CVE-2016-9080, CVE-2016-9893]. Mozilla ESR is not affected by CVE-2016-9080.

A remote user can bypass inline JavaScript Content Security Policy (CSP) and cause event handlers on marquee elements to be executed [CVE-2016-9895].

A remote user can create a specially crafted SVG image that, when loaded by the target user, will access restricted external resources via 'data:' URLs [CVE-2016-9900].

A remote user can conduct a JavaScript Map/Set timing attack to obtain potentially sensitive information (e.g., usernames embedded in JavaScript code) from other domains [CVE-2016-9904].

Data received from the Pocket server is not properly sanitized before it is executed, so a remote user who controls that data can execute arbitrary JavaScript in the about:pocket-saved page and access the Pocket messaging API [CVE-2016-9901].

A remote user can exploit an origin validation flaw in the Pocket toolbar to inject content and commands into the Pocket context [CVE-2016-9902]. Systems with e10s enabled are not affected.

The add-ons SDK does not properly filter HTML code from user-supplied input before displaying the input [CVE-2016-9903]. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from an arbitrary site and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user. Mozilla ESR is not affected.

Andrew Krasichkov, Aral, Atte Kettunen, Boris Zbarsky, Carsten Book, Christian Holler, Christoph Diehl, Filipe Gomes, Iris Hsiao, Jan de Mooij, Jann Horn, Kan-Ru Chen, Kris Maglione, Nils, Olli Pettay, Raymond Forbes, Timothy Nikkel, Tyson Smith, Wladimir Palant, echo, and insertscript reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can bypass security controls on the target system.

A remote user can obtain potentially sensitive information on the target system.

A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Solution:   Red Hat has issued a fix for CVE-2016-9893, CVE-2016-9895, CVE-2016-9899, CVE-2016-9900, CVE-2016-9901, and CVE-2016-9902 for Mozilla Thunderbird. The Red Hat advisory also covers CVE-2016-9905 (a crash in EnumerateSubDocuments). The update upgrades Thunderbird to version 45.6.0; running instances must be restarted for it to take effect.

The Red Hat advisory is available at:

https://rhn.redhat.com/errata/RHSA-2016-2973.html
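As an added check (not part of this alert or of Red Hat's advisory): the POSIX shell script below decides whether a thunderbird VERSION-RELEASE string is at or above the fixed build in the advisory's package list (45.6.0-1 on each of el5_11, el6_8 and el7_3), runs that decision over a constructed inventory, and on a RHEL host reads the installed package, its recorded signature line and any running instances that still need a restart. The host names and version strings in the inventory are made up; `sort -V` is assumed to be GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the SecurityTracker alert or the Red Hat advisory):
# decide whether an RHEL thunderbird package carries the RHSA-2016:2973 fix,
# i.e. is at or above upstream 45.6.0, Red Hat release 1, and flag running
# instances that still need a restart. Host names and version strings in the
# constructed inventory below are made up for illustration.

# VERSION-RELEASE prefix shared by every build in the advisory's package list
# (thunderbird-45.6.0-1.el5_11 / .el6_8 / .el7_3).
FIXED_VR="45.6.0-1"

# ver_ge A B: succeed when version-release A sorts at or above B.
# GNU "sort -V" is enough here because both strings have the same shape and no
# epoch; for general rpm comparisons prefer rpmdev-vercmp.
ver_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# tb_status VR: print "fixed" or "VULNERABLE" for a thunderbird VERSION-RELEASE
# string as printed by: rpm -q --qf '%{VERSION}-%{RELEASE}\n' thunderbird
tb_status() {
  # Drop the dist tag (.el5_11, .el6_8, .el7_3) so only version and release count.
  stripped=$(printf '%s' "$1" | sed 's/\.el[0-9_]*$//')
  if ver_ge "$stripped" "$FIXED_VR"; then
    echo fixed
  else
    echo VULNERABLE
  fi
}

# check_inventory: read "host VERSION-RELEASE" lines from stdin, print one
# verdict per line.
check_inventory() {
  while read -r host vr; do
    [ -n "$host" ] || continue
    printf '%-8s %-18s %s\n' "$host" "$vr" "$(tb_status "$vr")"
  done
}

# check_local: on a RHEL host, query rpm for the installed build, show the
# signature line (the advisory says the packages are GPG signed by Red Hat) and
# warn when thunderbird processes are still running the old code.
check_local() {
  command -v rpm >/dev/null 2>&1 || { echo "rpm not available on this host" >&2; return 2; }
  vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' thunderbird) || { echo "thunderbird not installed"; return 0; }
  printf 'installed %s: %s\n' "$vr" "$(tb_status "$vr")"
  rpm -qi thunderbird | grep '^Signature' || echo "WARNING: no signature recorded for this package"
  if command -v pgrep >/dev/null 2>&1 && pgrep -x thunderbird >/dev/null; then
    echo "NOTE: thunderbird is running; restart it so the updated binary is used"
  fi
}

# Demo on a constructed inventory (hostname, thunderbird VERSION-RELEASE).
check_inventory <<'EOF'
ws01 45.5.1-1.el7_3
ws02 45.6.0-1.el7_3
srv03 45.6.0-1.el6_8
lab04 45.4.0-1.el5_11
EOF
```

Feed `check_inventory` the output of `rpm -q --qf '%{VERSION}-%{RELEASE}\n' thunderbird` collected from each host, or call `check_local` on the host itself; the dist tag is stripped before comparison because the three advisory builds differ only in that suffix.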

Vendor URL:  rhn.redhat.com/errata/RHSA-2016-2973.html (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error
Underlying OS:  Linux (Red Hat Enterprise)
Underlying OS Comments:  5, 6, 7

Message History:   This archive entry is a follow-up to the message listed below.
Dec 14 2016 Mozilla Firefox Multiple Flaws Let Remote Users Bypass Security Restrictions, Obtain Potentially Sensitive Information, and Execute Arbitrary Code



 Source Message Contents

Subject:  [RHSA-2016:2973-01] Important: thunderbird security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2016:2973-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2973.html
Issue date:        2016-12-21
CVE Names:         CVE-2016-9893 CVE-2016-9895 CVE-2016-9899 
                   CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 
                   CVE-2016-9905 
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 5,
Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 45.6.0.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2016-9893, CVE-2016-9899, CVE-2016-9895, CVE-2016-9900,
CVE-2016-9901, CVE-2016-9902, CVE-2016-9905)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Wladimir Palant, Philipp, Andrew Krasichkov,
insertscript, Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book,
Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond Forbes, and Boris
Zbarsky as the original reporters.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1404083 - CVE-2016-9899 Mozilla: Use-after-free while manipulating DOM events and audio elements (MFSA 2016-94, MFSA 2016-95)
1404086 - CVE-2016-9895 Mozilla: CSP bypass using marquee tag (MFSA 2016-94, MFSA 2016-95)
1404090 - CVE-2016-9900 Mozilla: Restricted external resources can be loaded by SVG images through data URLs (MFSA 2016-94, MFSA 2016-95)
1404094 - CVE-2016-9905 Mozilla: Crash in EnumerateSubDocuments (MFSA 2016-94, MFSA 2016-95)
1404096 - CVE-2016-9893 Mozilla: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 (MFSA 2016-95)
1404358 - CVE-2016-9901 Mozilla: Data from Pocket server improperly sanitized before execution (MFSA 2016-94, MFSA 2016-95)
1404359 - CVE-2016-9902 Mozilla: Pocket extension does not validate the origin of events (MFSA 2016-94, MFSA 2016-95)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
thunderbird-45.6.0-1.el5_11.src.rpm

i386:
thunderbird-45.6.0-1.el5_11.i386.rpm
thunderbird-debuginfo-45.6.0-1.el5_11.i386.rpm

x86_64:
thunderbird-45.6.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-45.6.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server):

Source:
thunderbird-45.6.0-1.el5_11.src.rpm

i386:
thunderbird-45.6.0-1.el5_11.i386.rpm
thunderbird-debuginfo-45.6.0-1.el5_11.i386.rpm

x86_64:
thunderbird-45.6.0-1.el5_11.x86_64.rpm
thunderbird-debuginfo-45.6.0-1.el5_11.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
thunderbird-45.6.0-1.el6_8.src.rpm

i386:
thunderbird-45.6.0-1.el6_8.i686.rpm
thunderbird-debuginfo-45.6.0-1.el6_8.i686.rpm

x86_64:
thunderbird-45.6.0-1.el6_8.x86_64.rpm
thunderbird-debuginfo-45.6.0-1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
thunderbird-45.6.0-1.el6_8.src.rpm

i386:
thunderbird-45.6.0-1.el6_8.i686.rpm
thunderbird-debuginfo-45.6.0-1.el6_8.i686.rpm

ppc64:
thunderbird-45.6.0-1.el6_8.ppc64.rpm
thunderbird-debuginfo-45.6.0-1.el6_8.ppc64.rpm

s390x:
thunderbird-45.6.0-1.el6_8.s390x.rpm
thunderbird-debuginfo-45.6.0-1.el6_8.s390x.rpm

x86_64:
thunderbird-45.6.0-1.el6_8.x86_64.rpm
thunderbird-debuginfo-45.6.0-1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
thunderbird-45.6.0-1.el6_8.src.rpm

i386:
thunderbird-45.6.0-1.el6_8.i686.rpm
thunderbird-debuginfo-45.6.0-1.el6_8.i686.rpm

x86_64:
thunderbird-45.6.0-1.el6_8.x86_64.rpm
thunderbird-debuginfo-45.6.0-1.el6_8.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
thunderbird-45.6.0-1.el7_3.src.rpm

x86_64:
thunderbird-45.6.0-1.el7_3.x86_64.rpm
thunderbird-debuginfo-45.6.0-1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
thunderbird-45.6.0-1.el7_3.src.rpm

aarch64:
thunderbird-45.6.0-1.el7_3.aarch64.rpm
thunderbird-debuginfo-45.6.0-1.el7_3.aarch64.rpm

ppc64le:
thunderbird-45.6.0-1.el7_3.ppc64le.rpm
thunderbird-debuginfo-45.6.0-1.el7_3.ppc64le.rpm

x86_64:
thunderbird-45.6.0-1.el7_3.x86_64.rpm
thunderbird-debuginfo-45.6.0-1.el7_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
thunderbird-45.6.0-1.el7_3.src.rpm

x86_64:
thunderbird-45.6.0-1.el7_3.x86_64.rpm
thunderbird-debuginfo-45.6.0-1.el7_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-9893
https://access.redhat.com/security/cve/CVE-2016-9895
https://access.redhat.com/security/cve/CVE-2016-9899
https://access.redhat.com/security/cve/CVE-2016-9900
https://access.redhat.com/security/cve/CVE-2016-9901
https://access.redhat.com/security/cve/CVE-2016-9902
https://access.redhat.com/security/cve/CVE-2016-9905
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFYWlMfXlSAg2UNWIIRAiNoAKCwtMYDqaZ1/XWRLmh4b+yo+JZmeACdFQmG
3kx80YpOWkDWUOSvbANGfEY=
=B6Uj
-----END PGP SIGNATURE-----


--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Copyright 2021, SecurityGlobal.net LLC