English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.10.2017.0082
Category:Mageia Linux Local Security Checks
Title:Mageia: Security Advisory (MGASA-2017-0082)
Summary:The remote host is missing an update for the 'thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2017-0082 advisory.
Description:Summary:
The remote host is missing an update for the 'thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2017-0082 advisory.

Vulnerability Insight:
JIT-spray targeting asm.js combined with a heap spray allows for a bypass
of ASLR and DEP protections leading to potential memory corruption
attacks. (CVE-2017-5400)

A crash triggerable by web content in which an ErrorResult references
unassigned memory due to a logic error. The resulting crash may be
exploitable. (CVE-2017-5401)

A use-after-free can occur when events are fired for a FontFace object
after the object has been already been destroyed while working with fonts.
This results in a potentially exploitable crash. (CVE-2017-5402)

A use-after-free error can occur when manipulating ranges in selections
with one node inside a native anonymous tree and one node outside of it.
This results in a potentially exploitable crash. (CVE-2017-5404)

Using SVG filters that don't use the fixed point math implementation on a
target iframe, a malicious page can extract pixel values from a targeted
user. This can be used to extract history information and read text values
across domains. This violates same-origin policy and leads to information
disclosure. (CVE-2017-5407)

Memory corruption resulting in a potentially exploitable crash during
garbage collection of JavaScript due errors in how incremental sweeping is
managed for memory cleanup. (CVE-2017-5410)

Video files loaded video captions cross-origin without checking for the
presence of CORS headers permitting such cross-origin use, leading to
potential information disclosure for video captions. (CVE-2017-5408)

Certain response codes in FTP connections can result in the use of
uninitialized values for ports in FTP operations. (CVE-2017-5405)

Mozilla developers and community members Boris Zbarsky, Christian Holler,
Honza Bambas, Jon Coppeard, Randell Jesup, Andre Bargull, Kan-Ru Chen, and
Nathan Froyd reported memory safety bugs present in Thunderbird 45.7. Some
of these bugs showed evidence of memory corruption and we presume that
with enough effort that some of these could be exploited to run arbitrary
code. (CVE-2017-5398)

Affected Software/OS:
'thunderbird, thunderbird-l10n' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-5398
BugTraq ID: 96651
http://www.securityfocus.com/bid/96651
Debian Security Information: DSA-3805 (Google Search)
https://www.debian.org/security/2017/dsa-3805
Debian Security Information: DSA-3832 (Google Search)
https://www.debian.org/security/2017/dsa-3832
https://security.gentoo.org/glsa/201705-06
https://security.gentoo.org/glsa/201705-07
RedHat Security Advisories: RHSA-2017:0459
http://rhn.redhat.com/errata/RHSA-2017-0459.html
RedHat Security Advisories: RHSA-2017:0461
http://rhn.redhat.com/errata/RHSA-2017-0461.html
RedHat Security Advisories: RHSA-2017:0498
http://rhn.redhat.com/errata/RHSA-2017-0498.html
http://www.securitytracker.com/id/1037966
Common Vulnerability Exposure (CVE) ID: CVE-2017-5400
BugTraq ID: 96654
http://www.securityfocus.com/bid/96654
Common Vulnerability Exposure (CVE) ID: CVE-2017-5401
BugTraq ID: 96677
http://www.securityfocus.com/bid/96677
Common Vulnerability Exposure (CVE) ID: CVE-2017-5402
BugTraq ID: 96664
http://www.securityfocus.com/bid/96664
Common Vulnerability Exposure (CVE) ID: CVE-2017-5404
https://www.exploit-db.com/exploits/41660/
Common Vulnerability Exposure (CVE) ID: CVE-2017-5405
BugTraq ID: 96693
http://www.securityfocus.com/bid/96693
Common Vulnerability Exposure (CVE) ID: CVE-2017-5407
Common Vulnerability Exposure (CVE) ID: CVE-2017-5408
Common Vulnerability Exposure (CVE) ID: CVE-2017-5410
CopyrightCopyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.