SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (E-mail Client)  >   Mozilla Thunderbird
Vendors:   Mozilla.org
(CentOS Issues Fix for Mozilla Thunderbird) Mozilla Firefox Flaw in EnumerateSubDocuments() Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1037522
SecurityTracker URL:  http://securitytracker.com/id/1037522
CVE Reference:   CVE-2016-9905
Date:  Dec 22 2016
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system. Mozilla Thunderbird is affected.

A remote user can create specially crafted content that, when loaded by the target user, will trigger a flaw in EnumerateSubDocuments() when sub-documents are added or removed and execute arbitrary code on the target user's system.

Mozilla Firefox ESR is affected.

Philipp reported this vulnerability.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   CentOS has issued a fix for Mozilla Thunderbird.

i386:
68500438708f0e33a442e99c81208b99bd052055f291aaea4f696bdf271a79b8 thunderbird-45.6.0-1.el5.centos.i386.rpm

x86_64:
0a95da3511990f72243293d5a4b3d3757234a8e6cf606af1dacae5a4237b212f thunderbird-45.6.0-1.el5.centos.x86_64.rpm

Source:
c10d0d72fce28dcde43d2c25e4b10965b4240bbf9700a8cf2dc77a2faa3f6ecf thunderbird-45.6.0-1.el5.centos.src.rpm

i386:
8c91c61dd852242bfbb5978e0a408507ec0350ba6c9bc8e4087f156ba1126497 thunderbird-45.6.0-1.el6.centos.i686.rpm

x86_64:
1f871b22036c3d197a97d0ce3dfbacd0ffdd52098ecf1f4f1c1f836f5289263e thunderbird-45.6.0-1.el6.centos.x86_64.rpm

Source:
9b4f296a73d6974bdbfd9491f16905bf3d6d34346ac3d3b4cec9d8121fde1833 thunderbird-45.6.0-1.el6.centos.src.rpm

x86_64:
ed7cb4c72670f67eb12f9e904a9529a8053a53cc5551f75719484923c71417a6 thunderbird-45.6.0-1.el7.centos.x86_64.rpm

Source:
4e4035a33ea7dd337908115764760a5c35247118a769a29e1c24837070c4dd30 thunderbird-45.6.0-1.el7.centos.src.rpm

Cause:   Access control error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  5, 6, 7

Message History:   This archive entry is a follow-up to the message listed below.
Dec 14 2016 Mozilla Firefox Flaw in EnumerateSubDocuments() Lets Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:2973 Important CentOS 7 thunderbird Security Update


CentOS Errata and Security Advisory 2016:2973 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-2973.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
ed7cb4c72670f67eb12f9e904a9529a8053a53cc5551f75719484923c71417a6  thunderbird-45.6.0-1.el7.centos.x86_64.rpm

Source:
4e4035a33ea7dd337908115764760a5c35247118a769a29e1c24837070c4dd30  thunderbird-45.6.0-1.el7.centos.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS


Copyright 2021, SecurityGlobal.net LLC