Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-5373 (GCVE-0-2017-5373)
Vulnerability from cvelistv5 – Published: 2018-06-11 21:00 – Updated: 2024-08-05 14:55
VLAI?
EPSS
Summary
Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Severity ?
No CVSS data available.
CWE
- Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201702-22 | vendor-advisoryx_refsource_GENTOO |
| https://www.debian.org/security/2017/dsa-3832 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/95762 | vdb-entryx_refsource_BID |
| https://security.gentoo.org/glsa/201702-13 | vendor-advisoryx_refsource_GENTOO |
| https://www.debian.org/security/2017/dsa-3771 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securitytracker.com/id/1037693 | vdb-entryx_refsource_SECTRACK |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2017-0190.html | vendor-advisoryx_refsource_REDHAT |
| https://bugzilla.mozilla.org/buglist.cgi?bug_id=1… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2017-0238.html | vendor-advisoryx_refsource_REDHAT |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Thunderbird |
Affected:
unspecified , < 45.7
(custom)
|
|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 45.7
(custom)
|
|
| Mozilla | Firefox |
Affected:
unspecified , < 51
(custom)
|
Date Public ?
2017-01-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
},
{
"name": "GLSA-201702-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-22"
},
{
"name": "DSA-3832",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3832"
},
{
"name": "95762",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95762"
},
{
"name": "GLSA-201702-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-13"
},
{
"name": "DSA-3771",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3771"
},
{
"name": "1037693",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037693"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
},
{
"name": "RHSA-2017:0190",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877"
},
{
"name": "RHSA-2017:0238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "45.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "45.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "51",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-01-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
},
{
"name": "GLSA-201702-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-22"
},
{
"name": "DSA-3832",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3832"
},
{
"name": "95762",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95762"
},
{
"name": "GLSA-201702-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-13"
},
{
"name": "DSA-3771",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3771"
},
{
"name": "1037693",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037693"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
},
{
"name": "RHSA-2017:0190",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877"
},
{
"name": "RHSA-2017:0238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.7"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.7"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "51"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-03/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-02/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
},
{
"name": "GLSA-201702-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-22"
},
{
"name": "DSA-3832",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3832"
},
{
"name": "95762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95762"
},
{
"name": "GLSA-201702-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-13"
},
{
"name": "DSA-3771",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3771"
},
{
"name": "1037693",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037693"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-01/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
},
{
"name": "RHSA-2017:0190",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
},
{
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877"
},
{
"name": "RHSA-2017:0238",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2017-5373",
"datePublished": "2018-06-11T21:00:00.000Z",
"dateReserved": "2017-01-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:55:35.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2017-5373",
"date": "2026-05-20",
"epss": "0.01799",
"percentile": "0.83004"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"51.0\", \"matchCriteriaId\": \"19A47E81-DD45-46A3-BB7F-C48882794EA6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"45.7.0\", \"matchCriteriaId\": \"EB932C8A-77BE-40D5-AC4D-EFF0361BE98F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"45.7.0\", \"matchCriteriaId\": \"C0629141-14B7-4881-8EC7-078E4AA5EC46\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"133AAFA7-AF42-4D7B-8822-AA2E85611BF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33C068A4-3780-4EAB-A937-6082DF847564\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"54D669D4-6D7E-449D-80C1-28FA44F06FFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BBCD86A-E6C7-4444-9D74-F861084090F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0AC5CD5-6E58-433C-9EB3-6DFE5656463E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.\"}, {\"lang\": \"es\", \"value\": \"Se han reportado errores de seguridad de memoria en Firefox 50.1 y Firefox ESR 45.6. Algunos de estos errores mostraron evidencias de corrupci\\u00f3n de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podr\\u00edan explotarse para ejecutar c\\u00f3digo arbitrario. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 45.7, Firefox ESR en versiones anteriores a la 45.7 y Firefox en versiones anteriores a la 51.\"}]",
"id": "CVE-2017-5373",
"lastModified": "2024-11-21T03:27:28.273",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-06-11T21:29:02.577",
"references": "[{\"url\": \"http://rhn.redhat.com/errata/RHSA-2017-0190.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2017-0238.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/95762\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037693\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://security.gentoo.org/glsa/201702-13\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201702-22\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2017/dsa-3771\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2017/dsa-3832\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2017-01/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2017-02/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2017-03/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2017-0190.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2017-0238.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/95762\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037693\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://security.gentoo.org/glsa/201702-13\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201702-22\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2017/dsa-3771\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2017/dsa-3832\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2017-01/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2017-02/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2017-03/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-5373\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2018-06-11T21:29:02.577\",\"lastModified\":\"2025-11-25T17:50:16.803\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.\"},{\"lang\":\"es\",\"value\":\"Se han reportado errores de seguridad de memoria en Firefox 50.1 y Firefox ESR 45.6. Algunos de estos errores mostraron evidencias de corrupci\u00f3n de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podr\u00edan explotarse para ejecutar c\u00f3digo arbitrario. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 45.7, Firefox ESR en versiones anteriores a la 45.7 y Firefox en versiones anteriores a la 51.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"45.7.0\",\"matchCriteriaId\":\"346110D9-1DEE-432F-887C-55B810C9C7C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"51.0\",\"matchCriteriaId\":\"19A47E81-DD45-46A3-BB7F-C48882794EA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"45.7.0\",\"matchCriteriaId\":\"C0629141-14B7-4881-8EC7-078E4AA5EC46\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"133AAFA7-AF42-4D7B-8822-AA2E85611BF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54D669D4-6D7E-449D-80C1-28FA44F06FFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0AC5CD5-6E58-433C-9EB3-6DFE5656463E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}],\"references\":[{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0190.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0238.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/95762\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037693\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://security.gentoo.org/glsa/201702-13\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201702-22\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-3771\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-3832\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2017-01/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2017-02/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2017-03/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0190.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0238.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/95762\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037693\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://security.gentoo.org/glsa/201702-13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201702-22\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-3771\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-3832\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2017-01/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2017-02/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2017-03/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2017-AVI-029
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mozilla Firefox ESR versions ant\u00e9rieures \u00e0 45.7",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla Firefox versions ant\u00e9rieures \u00e0 51",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5383"
},
{
"name": "CVE-2017-5380",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5380"
},
{
"name": "CVE-2017-5396",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5396"
},
{
"name": "CVE-2017-5395",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5395"
},
{
"name": "CVE-2017-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5388"
},
{
"name": "CVE-2017-5375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5375"
},
{
"name": "CVE-2017-5389",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5389"
},
{
"name": "CVE-2017-5385",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5385"
},
{
"name": "CVE-2017-5387",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5387"
},
{
"name": "CVE-2017-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5391"
},
{
"name": "CVE-2017-5384",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5384"
},
{
"name": "CVE-2017-5393",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5393"
},
{
"name": "CVE-2017-5392",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5392"
},
{
"name": "CVE-2017-5390",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5390"
},
{
"name": "CVE-2017-5394",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5394"
},
{
"name": "CVE-2017-5379",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5379"
},
{
"name": "CVE-2017-5374",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5374"
},
{
"name": "CVE-2017-5382",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5382"
},
{
"name": "CVE-2017-5381",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5381"
},
{
"name": "CVE-2017-5377",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5377"
},
{
"name": "CVE-2017-5378",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5378"
},
{
"name": "CVE-2017-5373",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5373"
},
{
"name": "CVE-2017-5376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5376"
},
{
"name": "CVE-2017-5386",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5386"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-029",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-01-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMozilla Firefox\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2017-01 du 24 janvier 2017",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2017-02 du 24 janvier 2017",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/"
}
]
}
CERTFR-2017-AVI-033
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Mozilla Thunderbird. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Thunderbird versions antérieures à 45.7
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eThunderbird versions ant\u00e9rieures \u00e0 45.7\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5383"
},
{
"name": "CVE-2017-5380",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5380"
},
{
"name": "CVE-2017-5396",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5396"
},
{
"name": "CVE-2017-5375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5375"
},
{
"name": "CVE-2017-5390",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5390"
},
{
"name": "CVE-2017-5378",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5378"
},
{
"name": "CVE-2017-5373",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5373"
},
{
"name": "CVE-2017-5376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5376"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-033",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-01-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMozilla Thunderbird\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2017-03 du 26 janvier 2017",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/"
}
]
}
CERTFR-2017-AVI-029
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mozilla Firefox ESR versions ant\u00e9rieures \u00e0 45.7",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla Firefox versions ant\u00e9rieures \u00e0 51",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5383"
},
{
"name": "CVE-2017-5380",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5380"
},
{
"name": "CVE-2017-5396",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5396"
},
{
"name": "CVE-2017-5395",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5395"
},
{
"name": "CVE-2017-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5388"
},
{
"name": "CVE-2017-5375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5375"
},
{
"name": "CVE-2017-5389",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5389"
},
{
"name": "CVE-2017-5385",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5385"
},
{
"name": "CVE-2017-5387",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5387"
},
{
"name": "CVE-2017-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5391"
},
{
"name": "CVE-2017-5384",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5384"
},
{
"name": "CVE-2017-5393",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5393"
},
{
"name": "CVE-2017-5392",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5392"
},
{
"name": "CVE-2017-5390",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5390"
},
{
"name": "CVE-2017-5394",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5394"
},
{
"name": "CVE-2017-5379",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5379"
},
{
"name": "CVE-2017-5374",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5374"
},
{
"name": "CVE-2017-5382",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5382"
},
{
"name": "CVE-2017-5381",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5381"
},
{
"name": "CVE-2017-5377",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5377"
},
{
"name": "CVE-2017-5378",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5378"
},
{
"name": "CVE-2017-5373",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5373"
},
{
"name": "CVE-2017-5376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5376"
},
{
"name": "CVE-2017-5386",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5386"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-029",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-01-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMozilla Firefox\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2017-01 du 24 janvier 2017",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2017-02 du 24 janvier 2017",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/"
}
]
}
CERTFR-2017-AVI-033
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Mozilla Thunderbird. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Thunderbird versions antérieures à 45.7
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eThunderbird versions ant\u00e9rieures \u00e0 45.7\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-5383",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5383"
},
{
"name": "CVE-2017-5380",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5380"
},
{
"name": "CVE-2017-5396",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5396"
},
{
"name": "CVE-2017-5375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5375"
},
{
"name": "CVE-2017-5390",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5390"
},
{
"name": "CVE-2017-5378",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5378"
},
{
"name": "CVE-2017-5373",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5373"
},
{
"name": "CVE-2017-5376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5376"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-033",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-01-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMozilla Thunderbird\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2017-03 du 26 janvier 2017",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/"
}
]
}
CNVD-2018-12102
Vulnerability from cnvd - Published: 2018-06-26
VLAI Severity ?
Title
Mozilla Firefox、Firefox ESR和Thunderbird内存破坏漏洞(CNVD-2018-12102)
Description
Mozilla Firefox、Firefox ESR和Thunderbird都是由美国Mozilla基金会开发的产品。Firefox是一款开源Web浏览器,Firefox ESR是Firefox的一个延长支持版本。Thunderbird是从Mozilla Application Suite中独立出来的一套电子邮件客户端软件。
Mozilla Thunderbird 45.7之前版本、Firefox ESR 45.7之前版本和Firefox 51之前版本中存在安全漏洞。攻击者可利用该漏洞破坏内存,执行任意代码。
Severity
高
Patch Name
Mozilla Firefox、Firefox ESR和Thunderbird内存破坏漏洞(CNVD-2018-12102)的补丁
Patch Description
Mozilla Firefox、Firefox ESR和Thunderbird都是由美国Mozilla基金会开发的产品。Firefox是一款开源Web浏览器,Firefox ESR是Firefox的一个延长支持版本。Thunderbird是从Mozilla Application Suite中独立出来的一套电子邮件客户端软件。
Mozilla Thunderbird 45.7之前版本、Firefox ESR 45.7之前版本和Firefox 51之前版本中存在安全漏洞。攻击者可利用该漏洞破坏内存,执行任意代码。 目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/
Reference
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877
Impacted products
| Name | ['Mozilla Firefox ESR <45.7', 'Mozilla Firefox <51', 'Mozilla Thunderbird <45.7'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-5373",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"
}
},
"description": "Mozilla Firefox\u3001Firefox ESR\u548cThunderbird\u90fd\u662f\u7531\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u5f00\u53d1\u7684\u4ea7\u54c1\u3002Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff0cFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002Thunderbird\u662f\u4eceMozilla Application Suite\u4e2d\u72ec\u7acb\u51fa\u6765\u7684\u4e00\u5957\u7535\u5b50\u90ae\u4ef6\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002\r\n\r\nMozilla Thunderbird 45.7\u4e4b\u524d\u7248\u672c\u3001Firefox ESR 45.7\u4e4b\u524d\u7248\u672c\u548cFirefox 51\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7834\u574f\u5185\u5b58\uff0c\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "Mozilla",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-01/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-12102",
"openTime": "2018-06-26",
"patchDescription": "Mozilla Firefox\u3001Firefox ESR\u548cThunderbird\u90fd\u662f\u7531\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u5f00\u53d1\u7684\u4ea7\u54c1\u3002Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff0cFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002Thunderbird\u662f\u4eceMozilla Application Suite\u4e2d\u72ec\u7acb\u51fa\u6765\u7684\u4e00\u5957\u7535\u5b50\u90ae\u4ef6\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002\r\n\r\nMozilla Thunderbird 45.7\u4e4b\u524d\u7248\u672c\u3001Firefox ESR 45.7\u4e4b\u524d\u7248\u672c\u548cFirefox 51\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7834\u574f\u5185\u5b58\uff0c\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Mozilla Firefox\u3001Firefox ESR\u548cThunderbird\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2018-12102\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Mozilla Firefox ESR \u003c45.7",
"Mozilla Firefox \u003c51",
"Mozilla Thunderbird \u003c45.7"
]
},
"referenceLink": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877",
"serverity": "\u9ad8",
"submitTime": "2018-06-26",
"title": "Mozilla Firefox\u3001Firefox ESR\u548cThunderbird\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2018-12102\uff09"
}
FKIE_CVE-2017-5373
Vulnerability from fkie_nvd - Published: 2018-06-11 21:29 - Updated: 2025-11-25 17:50
Severity ?
Summary
Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox | * | |
| mozilla | firefox | * | |
| mozilla | thunderbird | * | |
| debian | debian_linux | 8.0 | |
| redhat | enterprise_linux_desktop | 5.0 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 5.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_workstation | 5.0 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "346110D9-1DEE-432F-887C-55B810C9C7C4",
"versionEndExcluding": "45.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19A47E81-DD45-46A3-BB7F-C48882794EA6",
"versionEndExcluding": "51.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0629141-14B7-4881-8EC7-078E4AA5EC46",
"versionEndExcluding": "45.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51."
},
{
"lang": "es",
"value": "Se han reportado errores de seguridad de memoria en Firefox 50.1 y Firefox ESR 45.6. Algunos de estos errores mostraron evidencias de corrupci\u00f3n de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podr\u00edan explotarse para ejecutar c\u00f3digo arbitrario. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 45.7, Firefox ESR en versiones anteriores a la 45.7 y Firefox en versiones anteriores a la 51."
}
],
"id": "CVE-2017-5373",
"lastModified": "2025-11-25T17:50:16.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-11T21:29:02.577",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95762"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037693"
},
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201702-13"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201702-22"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3771"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3832"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95762"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201702-13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201702-22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-Q95X-V9CP-2P83
Vulnerability from github – Published: 2022-05-14 03:10 – Updated: 2025-11-25 18:32
VLAI?
Details
Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Severity ?
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2017-5373"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-11T21:29:00Z",
"severity": "CRITICAL"
},
"details": "Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"id": "GHSA-q95x-v9cp-2p83",
"modified": "2025-11-25T18:32:07Z",
"published": "2022-05-14T03:10:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5373"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201702-13"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201702-22"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3771"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3832"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-01"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-02"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-03"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95762"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037693"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2017-5373
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-5373",
"description": "Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"id": "GSD-2017-5373",
"references": [
"https://www.suse.com/security/cve/CVE-2017-5373.html",
"https://www.debian.org/security/2017/dsa-3832",
"https://www.debian.org/security/2017/dsa-3771",
"https://access.redhat.com/errata/RHSA-2017:0238",
"https://access.redhat.com/errata/RHSA-2017:0190",
"https://ubuntu.com/security/CVE-2017-5373",
"https://advisories.mageia.org/CVE-2017-5373.html",
"https://security.archlinux.org/CVE-2017-5373",
"https://linux.oracle.com/cve/CVE-2017-5373.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-5373"
],
"details": "Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"id": "GSD-2017-5373",
"modified": "2023-12-13T01:21:13.912138Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.7"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.7"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "51"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-03/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-02/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
},
{
"name": "GLSA-201702-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-22"
},
{
"name": "DSA-3832",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3832"
},
{
"name": "95762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95762"
},
{
"name": "GLSA-201702-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-13"
},
{
"name": "DSA-3771",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3771"
},
{
"name": "1037693",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037693"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-01/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
},
{
"name": "RHSA-2017:0190",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
},
{
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877"
},
{
"name": "RHSA-2017:0238",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
}
]
}
},
"mozilla.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5373"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.7"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "51"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.7"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla developers and community members Christian Holler, Gary Kwong, Andr\u00e9 Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 45.7, Firefox \u003c 51, and Thunderbird \u003c 45.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
},
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "51.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "45.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "45.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5373"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-03/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-02/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-01/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
},
{
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877"
},
{
"name": "DSA-3832",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3832"
},
{
"name": "DSA-3771",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3771"
},
{
"name": "GLSA-201702-22",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201702-22"
},
{
"name": "GLSA-201702-13",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201702-13"
},
{
"name": "1037693",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037693"
},
{
"name": "95762",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95762"
},
{
"name": "RHSA-2017:0238",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
},
{
"name": "RHSA-2017:0190",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2018-08-02T19:34Z",
"publishedDate": "2018-06-11T21:29Z"
}
}
}
OPENSUSE-SU-2017:0354-1
Vulnerability from csaf_opensuse - Published: 2017-02-01 17:54 - Updated: 2017-02-01 17:54Summary
Security update for MozillaThunderbird
Severity
Moderate
Notes
Title of the patch: Security update for MozillaThunderbird
Description of the patch: This update to Mozilla Thunderbird 45.7.0 fixes security issues and bugs.
The following security issues from advisory MFSA 2017-03 were fixed (boo#1021991)
In general, these flaws cannot be exploited through email in
Thunderbird because scripting is disabled when reading mail,
but are potentially risks in browser or browser-like contexts:
- CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (boo#1021814)
- CVE-2017-5376: Use-after-free in XSL (boo#1021817)
- CVE-2017-5378: Pointer and frame data leakage of Javascript objects (boo#1021818)
- CVE-2017-5380: Potential use-after-free during DOM manipulations (boo#1021819)
- CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (boo#1021820)
- CVE-2017-5396: Use-after-free with Media Decoder (boo#1021821)
- CVE-2017-5383: Location bar spoofing with unicode characters (boo#1021822)
- CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7 (boo#1021824)
The following non-security bugs were fixed:
- Message preview pane non-functional after IMAP folder was renamed or moved
- 'Move To' button on 'Search Messages' panel not working
- Message sent to 'undisclosed recipients' shows no recipient
(non-functional since Thunderbird version 38)
Patchnames: openSUSE-2017-188
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
43 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaThunderbird",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update to Mozilla Thunderbird 45.7.0 fixes security issues and bugs.\n\nThe following security issues from advisory MFSA 2017-03 were fixed (boo#1021991)\nIn general, these flaws cannot be exploited through email in\nThunderbird because scripting is disabled when reading mail,\nbut are potentially risks in browser or browser-like contexts:\n\n- CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (boo#1021814)\n- CVE-2017-5376: Use-after-free in XSL (boo#1021817)\n- CVE-2017-5378: Pointer and frame data leakage of Javascript objects (boo#1021818)\n- CVE-2017-5380: Potential use-after-free during DOM manipulations (boo#1021819)\n- CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (boo#1021820)\n- CVE-2017-5396: Use-after-free with Media Decoder (boo#1021821)\n- CVE-2017-5383: Location bar spoofing with unicode characters (boo#1021822)\n- CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7 (boo#1021824)\n\nThe following non-security bugs were fixed:\n\n- Message preview pane non-functional after IMAP folder was renamed or moved\n- \u0027Move To\u0027 button on \u0027Search Messages\u0027 panel not working\n- Message sent to \u0027undisclosed recipients\u0027 shows no recipient\n (non-functional since Thunderbird version 38)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2017-188",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2017_0354-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1021814",
"url": "https://bugzilla.suse.com/1021814"
},
{
"category": "self",
"summary": "SUSE Bug 1021817",
"url": "https://bugzilla.suse.com/1021817"
},
{
"category": "self",
"summary": "SUSE Bug 1021818",
"url": "https://bugzilla.suse.com/1021818"
},
{
"category": "self",
"summary": "SUSE Bug 1021819",
"url": "https://bugzilla.suse.com/1021819"
},
{
"category": "self",
"summary": "SUSE Bug 1021820",
"url": "https://bugzilla.suse.com/1021820"
},
{
"category": "self",
"summary": "SUSE Bug 1021821",
"url": "https://bugzilla.suse.com/1021821"
},
{
"category": "self",
"summary": "SUSE Bug 1021822",
"url": "https://bugzilla.suse.com/1021822"
},
{
"category": "self",
"summary": "SUSE Bug 1021824",
"url": "https://bugzilla.suse.com/1021824"
},
{
"category": "self",
"summary": "SUSE Bug 1021991",
"url": "https://bugzilla.suse.com/1021991"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5373 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5373/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5375 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5375/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5376 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5376/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5378 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5380 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5380/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5383 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5383/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5390 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5396 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5396/"
}
],
"title": "Security update for MozillaThunderbird",
"tracking": {
"current_release_date": "2017-02-01T17:54:52Z",
"generator": {
"date": "2017-02-01T17:54:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2017:0354-1",
"initial_release_date": "2017-02-01T17:54:52Z",
"revision_history": [
{
"date": "2017-02-01T17:54:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-45.7.0-23.1.aarch64",
"product": {
"name": "MozillaThunderbird-45.7.0-23.1.aarch64",
"product_id": "MozillaThunderbird-45.7.0-23.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"product": {
"name": "MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"product_id": "MozillaThunderbird-devel-45.7.0-23.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"product": {
"name": "MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"product_id": "MozillaThunderbird-translations-common-45.7.0-23.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"product": {
"name": "MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"product_id": "MozillaThunderbird-translations-other-45.7.0-23.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-45.7.0-23.1.s390x",
"product": {
"name": "MozillaThunderbird-45.7.0-23.1.s390x",
"product_id": "MozillaThunderbird-45.7.0-23.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-devel-45.7.0-23.1.s390x",
"product": {
"name": "MozillaThunderbird-devel-45.7.0-23.1.s390x",
"product_id": "MozillaThunderbird-devel-45.7.0-23.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"product": {
"name": "MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"product_id": "MozillaThunderbird-translations-common-45.7.0-23.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"product": {
"name": "MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"product_id": "MozillaThunderbird-translations-other-45.7.0-23.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-45.7.0-23.1.x86_64",
"product": {
"name": "MozillaThunderbird-45.7.0-23.1.x86_64",
"product_id": "MozillaThunderbird-45.7.0-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"product": {
"name": "MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"product_id": "MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"product": {
"name": "MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"product_id": "MozillaThunderbird-devel-45.7.0-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"product_id": "MozillaThunderbird-translations-common-45.7.0-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-45.7.0-23.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-45.7.0-23.1.x86_64",
"product_id": "MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-45.7.0-23.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64"
},
"product_reference": "MozillaThunderbird-45.7.0-23.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-45.7.0-23.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x"
},
"product_reference": "MozillaThunderbird-45.7.0-23.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-45.7.0-23.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64"
},
"product_reference": "MozillaThunderbird-45.7.0-23.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64"
},
"product_reference": "MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-devel-45.7.0-23.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64"
},
"product_reference": "MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-devel-45.7.0-23.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x"
},
"product_reference": "MozillaThunderbird-devel-45.7.0-23.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-devel-45.7.0-23.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64"
},
"product_reference": "MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-45.7.0-23.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64"
},
"product_reference": "MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-45.7.0-23.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x"
},
"product_reference": "MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-45.7.0-23.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-45.7.0-23.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64"
},
"product_reference": "MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-45.7.0-23.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x"
},
"product_reference": "MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-45.7.0-23.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-45.7.0-23.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-5373",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5373"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5373",
"url": "https://www.suse.com/security/cve/CVE-2017-5373"
},
{
"category": "external",
"summary": "SUSE Bug 1021824 for CVE-2017-5373",
"url": "https://bugzilla.suse.com/1021824"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5373",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-01T17:54:52Z",
"details": "important"
}
],
"title": "CVE-2017-5373"
},
{
"cve": "CVE-2017-5375",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5375"
}
],
"notes": [
{
"category": "general",
"text": "JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5375",
"url": "https://www.suse.com/security/cve/CVE-2017-5375"
},
{
"category": "external",
"summary": "SUSE Bug 1021814 for CVE-2017-5375",
"url": "https://bugzilla.suse.com/1021814"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5375",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-01T17:54:52Z",
"details": "important"
}
],
"title": "CVE-2017-5375"
},
{
"cve": "CVE-2017-5376",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5376"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5376",
"url": "https://www.suse.com/security/cve/CVE-2017-5376"
},
{
"category": "external",
"summary": "SUSE Bug 1021817 for CVE-2017-5376",
"url": "https://bugzilla.suse.com/1021817"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5376",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-01T17:54:52Z",
"details": "important"
}
],
"title": "CVE-2017-5376"
},
{
"cve": "CVE-2017-5378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5378"
}
],
"notes": [
{
"category": "general",
"text": "Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object\u0027s address can be discovered through hash codes, and also allows for data leakage of an object\u0027s content using these hash codes. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5378",
"url": "https://www.suse.com/security/cve/CVE-2017-5378"
},
{
"category": "external",
"summary": "SUSE Bug 1021818 for CVE-2017-5378",
"url": "https://bugzilla.suse.com/1021818"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5378",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-01T17:54:52Z",
"details": "moderate"
}
],
"title": "CVE-2017-5378"
},
{
"cve": "CVE-2017-5380",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5380"
}
],
"notes": [
{
"category": "general",
"text": "A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5380",
"url": "https://www.suse.com/security/cve/CVE-2017-5380"
},
{
"category": "external",
"summary": "SUSE Bug 1021819 for CVE-2017-5380",
"url": "https://bugzilla.suse.com/1021819"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5380",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-01T17:54:52Z",
"details": "moderate"
}
],
"title": "CVE-2017-5380"
},
{
"cve": "CVE-2017-5383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5383"
}
],
"notes": [
{
"category": "general",
"text": "URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5383",
"url": "https://www.suse.com/security/cve/CVE-2017-5383"
},
{
"category": "external",
"summary": "SUSE Bug 1021822 for CVE-2017-5383",
"url": "https://bugzilla.suse.com/1021822"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5383",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-01T17:54:52Z",
"details": "moderate"
}
],
"title": "CVE-2017-5383"
},
{
"cve": "CVE-2017-5390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5390"
}
],
"notes": [
{
"category": "general",
"text": "The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5390",
"url": "https://www.suse.com/security/cve/CVE-2017-5390"
},
{
"category": "external",
"summary": "SUSE Bug 1021820 for CVE-2017-5390",
"url": "https://bugzilla.suse.com/1021820"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5390",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-01T17:54:52Z",
"details": "moderate"
}
],
"title": "CVE-2017-5390"
},
{
"cve": "CVE-2017-5396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5396"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5396",
"url": "https://www.suse.com/security/cve/CVE-2017-5396"
},
{
"category": "external",
"summary": "SUSE Bug 1021821 for CVE-2017-5396",
"url": "https://bugzilla.suse.com/1021821"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5396",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-01T17:54:52Z",
"details": "moderate"
}
],
"title": "CVE-2017-5396"
}
]
}
OPENSUSE-SU-2017:0357-1
Vulnerability from csaf_opensuse - Published: 2017-02-01 17:54 - Updated: 2017-02-01 17:54Summary
Security update for MozillaThunderbird
Severity
Moderate
Notes
Title of the patch: Security update for MozillaThunderbird
Description of the patch: This update to Mozilla Thunderbird 45.7.0 fixes security issues and bugs.
The following security issues from advisory MFSA 2017-03 were fixed (boo#1021991)
In general, these flaws cannot be exploited through email in
Thunderbird because scripting is disabled when reading mail,
but are potentially risks in browser or browser-like contexts:
- CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (boo#1021814)
- CVE-2017-5376: Use-after-free in XSL (boo#1021817)
- CVE-2017-5378: Pointer and frame data leakage of Javascript objects (boo#1021818)
- CVE-2017-5380: Potential use-after-free during DOM manipulations (boo#1021819)
- CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (boo#1021820)
- CVE-2017-5396: Use-after-free with Media Decoder (boo#1021821)
- CVE-2017-5383: Location bar spoofing with unicode characters (boo#1021822)
- CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7 (boo#1021824)
The following non-security bugs were fixed:
- Message preview pane non-functional after IMAP folder was renamed or moved
- 'Move To' button on 'Search Messages' panel not working
- Message sent to 'undisclosed recipients' shows no recipient
(non-functional since Thunderbird version 38)
Patchnames: openSUSE-2017-188
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
43 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaThunderbird",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update to Mozilla Thunderbird 45.7.0 fixes security issues and bugs.\n\nThe following security issues from advisory MFSA 2017-03 were fixed (boo#1021991)\nIn general, these flaws cannot be exploited through email in\nThunderbird because scripting is disabled when reading mail,\nbut are potentially risks in browser or browser-like contexts:\n\n- CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (boo#1021814)\n- CVE-2017-5376: Use-after-free in XSL (boo#1021817)\n- CVE-2017-5378: Pointer and frame data leakage of Javascript objects (boo#1021818)\n- CVE-2017-5380: Potential use-after-free during DOM manipulations (boo#1021819)\n- CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (boo#1021820)\n- CVE-2017-5396: Use-after-free with Media Decoder (boo#1021821)\n- CVE-2017-5383: Location bar spoofing with unicode characters (boo#1021822)\n- CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7 (boo#1021824)\n\nThe following non-security bugs were fixed:\n\n- Message preview pane non-functional after IMAP folder was renamed or moved\n- \u0027Move To\u0027 button on \u0027Search Messages\u0027 panel not working\n- Message sent to \u0027undisclosed recipients\u0027 shows no recipient\n (non-functional since Thunderbird version 38)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2017-188",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2017_0357-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1021814",
"url": "https://bugzilla.suse.com/1021814"
},
{
"category": "self",
"summary": "SUSE Bug 1021817",
"url": "https://bugzilla.suse.com/1021817"
},
{
"category": "self",
"summary": "SUSE Bug 1021818",
"url": "https://bugzilla.suse.com/1021818"
},
{
"category": "self",
"summary": "SUSE Bug 1021819",
"url": "https://bugzilla.suse.com/1021819"
},
{
"category": "self",
"summary": "SUSE Bug 1021820",
"url": "https://bugzilla.suse.com/1021820"
},
{
"category": "self",
"summary": "SUSE Bug 1021821",
"url": "https://bugzilla.suse.com/1021821"
},
{
"category": "self",
"summary": "SUSE Bug 1021822",
"url": "https://bugzilla.suse.com/1021822"
},
{
"category": "self",
"summary": "SUSE Bug 1021824",
"url": "https://bugzilla.suse.com/1021824"
},
{
"category": "self",
"summary": "SUSE Bug 1021991",
"url": "https://bugzilla.suse.com/1021991"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5373 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5373/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5375 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5375/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5376 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5376/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5378 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5380 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5380/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5383 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5383/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5390 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5396 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5396/"
}
],
"title": "Security update for MozillaThunderbird",
"tracking": {
"current_release_date": "2017-02-01T17:54:52Z",
"generator": {
"date": "2017-02-01T17:54:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2017:0357-1",
"initial_release_date": "2017-02-01T17:54:52Z",
"revision_history": [
{
"date": "2017-02-01T17:54:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-45.7.0-23.1.aarch64",
"product": {
"name": "MozillaThunderbird-45.7.0-23.1.aarch64",
"product_id": "MozillaThunderbird-45.7.0-23.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"product": {
"name": "MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"product_id": "MozillaThunderbird-devel-45.7.0-23.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"product": {
"name": "MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"product_id": "MozillaThunderbird-translations-common-45.7.0-23.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"product": {
"name": "MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"product_id": "MozillaThunderbird-translations-other-45.7.0-23.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-45.7.0-23.1.s390x",
"product": {
"name": "MozillaThunderbird-45.7.0-23.1.s390x",
"product_id": "MozillaThunderbird-45.7.0-23.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-devel-45.7.0-23.1.s390x",
"product": {
"name": "MozillaThunderbird-devel-45.7.0-23.1.s390x",
"product_id": "MozillaThunderbird-devel-45.7.0-23.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"product": {
"name": "MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"product_id": "MozillaThunderbird-translations-common-45.7.0-23.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"product": {
"name": "MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"product_id": "MozillaThunderbird-translations-other-45.7.0-23.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-45.7.0-23.1.x86_64",
"product": {
"name": "MozillaThunderbird-45.7.0-23.1.x86_64",
"product_id": "MozillaThunderbird-45.7.0-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"product": {
"name": "MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"product_id": "MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"product": {
"name": "MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"product_id": "MozillaThunderbird-devel-45.7.0-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"product_id": "MozillaThunderbird-translations-common-45.7.0-23.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-45.7.0-23.1.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-45.7.0-23.1.x86_64",
"product_id": "MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-45.7.0-23.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64"
},
"product_reference": "MozillaThunderbird-45.7.0-23.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-45.7.0-23.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x"
},
"product_reference": "MozillaThunderbird-45.7.0-23.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-45.7.0-23.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64"
},
"product_reference": "MozillaThunderbird-45.7.0-23.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64"
},
"product_reference": "MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-devel-45.7.0-23.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64"
},
"product_reference": "MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-devel-45.7.0-23.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x"
},
"product_reference": "MozillaThunderbird-devel-45.7.0-23.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-devel-45.7.0-23.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64"
},
"product_reference": "MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-45.7.0-23.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64"
},
"product_reference": "MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-45.7.0-23.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x"
},
"product_reference": "MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-45.7.0-23.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-45.7.0-23.1.aarch64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64"
},
"product_reference": "MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-45.7.0-23.1.s390x as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x"
},
"product_reference": "MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-45.7.0-23.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-45.7.0-23.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-5373",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5373"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5373",
"url": "https://www.suse.com/security/cve/CVE-2017-5373"
},
{
"category": "external",
"summary": "SUSE Bug 1021824 for CVE-2017-5373",
"url": "https://bugzilla.suse.com/1021824"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5373",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-01T17:54:52Z",
"details": "important"
}
],
"title": "CVE-2017-5373"
},
{
"cve": "CVE-2017-5375",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5375"
}
],
"notes": [
{
"category": "general",
"text": "JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5375",
"url": "https://www.suse.com/security/cve/CVE-2017-5375"
},
{
"category": "external",
"summary": "SUSE Bug 1021814 for CVE-2017-5375",
"url": "https://bugzilla.suse.com/1021814"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5375",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-01T17:54:52Z",
"details": "important"
}
],
"title": "CVE-2017-5375"
},
{
"cve": "CVE-2017-5376",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5376"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5376",
"url": "https://www.suse.com/security/cve/CVE-2017-5376"
},
{
"category": "external",
"summary": "SUSE Bug 1021817 for CVE-2017-5376",
"url": "https://bugzilla.suse.com/1021817"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5376",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-01T17:54:52Z",
"details": "important"
}
],
"title": "CVE-2017-5376"
},
{
"cve": "CVE-2017-5378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5378"
}
],
"notes": [
{
"category": "general",
"text": "Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object\u0027s address can be discovered through hash codes, and also allows for data leakage of an object\u0027s content using these hash codes. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5378",
"url": "https://www.suse.com/security/cve/CVE-2017-5378"
},
{
"category": "external",
"summary": "SUSE Bug 1021818 for CVE-2017-5378",
"url": "https://bugzilla.suse.com/1021818"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5378",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-01T17:54:52Z",
"details": "moderate"
}
],
"title": "CVE-2017-5378"
},
{
"cve": "CVE-2017-5380",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5380"
}
],
"notes": [
{
"category": "general",
"text": "A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5380",
"url": "https://www.suse.com/security/cve/CVE-2017-5380"
},
{
"category": "external",
"summary": "SUSE Bug 1021819 for CVE-2017-5380",
"url": "https://bugzilla.suse.com/1021819"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5380",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-01T17:54:52Z",
"details": "moderate"
}
],
"title": "CVE-2017-5380"
},
{
"cve": "CVE-2017-5383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5383"
}
],
"notes": [
{
"category": "general",
"text": "URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5383",
"url": "https://www.suse.com/security/cve/CVE-2017-5383"
},
{
"category": "external",
"summary": "SUSE Bug 1021822 for CVE-2017-5383",
"url": "https://bugzilla.suse.com/1021822"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5383",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-01T17:54:52Z",
"details": "moderate"
}
],
"title": "CVE-2017-5383"
},
{
"cve": "CVE-2017-5390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5390"
}
],
"notes": [
{
"category": "general",
"text": "The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5390",
"url": "https://www.suse.com/security/cve/CVE-2017-5390"
},
{
"category": "external",
"summary": "SUSE Bug 1021820 for CVE-2017-5390",
"url": "https://bugzilla.suse.com/1021820"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5390",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-01T17:54:52Z",
"details": "moderate"
}
],
"title": "CVE-2017-5390"
},
{
"cve": "CVE-2017-5396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5396"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5396",
"url": "https://www.suse.com/security/cve/CVE-2017-5396"
},
{
"category": "external",
"summary": "SUSE Bug 1021821 for CVE-2017-5396",
"url": "https://bugzilla.suse.com/1021821"
},
{
"category": "external",
"summary": "SUSE Bug 1021991 for CVE-2017-5396",
"url": "https://bugzilla.suse.com/1021991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
"SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-01T17:54:52Z",
"details": "moderate"
}
],
"title": "CVE-2017-5396"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…