RHSA-2017:1201
Vulnerability from csaf_redhat - Published: 2017-05-08 06:45 - Updated: 2025-11-25 18:21
A vulnerability was found in libevent with the parsing of DNS requests and replies. An attacker could send a forged DNS response to an application using libevent which could lead to reading data out of bounds on the heap, potentially disclosing a small amount of application memory.
A vulnerability was found in libevent with the parsing of IPv6 addresses. If an attacker could cause an application using libevent to parse a malformed address in IPv6 notation of more than 2GiB in length, a stack overflow would occur leading to a crash.
An out of bounds read vulnerability was found in libevent in the search_make_new function. If an attacker could cause an application using libevent to attempt resolving an empty hostname, an out of bounds read could occur possibly leading to a crash.
Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
An out-of-bounds read when an HTTP/2 connection to a server sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then be displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 52.1.0.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5429, CVE-2017-5433, CVE-2017-5435, CVE-2017-5436, CVE-2017-5459, CVE-2017-5466, CVE-2017-5432, CVE-2017-5434, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5446, CVE-2017-5447, CVE-2017-5454, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469, CVE-2016-10195, CVE-2016-10196, CVE-2017-5445, CVE-2017-5449, CVE-2017-5451, CVE-2017-5467, CVE-2016-10197)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Petr Cerny, Nils, Ivan Fratric (Google Project Zero), Takeshi Terada, Heather Miller (Google Skia team), Chun Han Hsiao, Chamal De Silva, Nicolas Gr\u00e9goire, Holger Fuhrmannek, Atte Kettunen, Haik Aftandilian, and Jordi Chancel as the original reporters.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:1201",
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-13",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"
},
{
"category": "external",
"summary": "1418608",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418608"
},
{
"category": "external",
"summary": "1418611",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418611"
},
{
"category": "external",
"summary": "1418612",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418612"
},
{
"category": "external",
"summary": "1443298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443298"
},
{
"category": "external",
"summary": "1443299",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443299"
},
{
"category": "external",
"summary": "1443301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443301"
},
{
"category": "external",
"summary": "1443303",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443303"
},
{
"category": "external",
"summary": "1443304",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443304"
},
{
"category": "external",
"summary": "1443305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443305"
},
{
"category": "external",
"summary": "1443307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443307"
},
{
"category": "external",
"summary": "1443308",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443308"
},
{
"category": "external",
"summary": "1443311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443311"
},
{
"category": "external",
"summary": "1443312",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443312"
},
{
"category": "external",
"summary": "1443313",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443313"
},
{
"category": "external",
"summary": "1443314",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443314"
},
{
"category": "external",
"summary": "1443315",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443315"
},
{
"category": "external",
"summary": "1443317",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443317"
},
{
"category": "external",
"summary": "1443322",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443322"
},
{
"category": "external",
"summary": "1443323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443323"
},
{
"category": "external",
"summary": "1443324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443324"
},
{
"category": "external",
"summary": "1443325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443325"
},
{
"category": "external",
"summary": "1443327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443327"
},
{
"category": "external",
"summary": "1443328",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443328"
},
{
"category": "external",
"summary": "1443329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443329"
},
{
"category": "external",
"summary": "1443330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443330"
},
{
"category": "external",
"summary": "1443332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443332"
},
{
"category": "external",
"summary": "1443333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443333"
},
{
"category": "external",
"summary": "1443338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443338"
},
{
"category": "external",
"summary": "1443340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443340"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1201.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2025-11-25T18:21:31+00:00",
"generator": {
"date": "2025-11-25T18:21:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2017:1201",
"initial_release_date": "2017-05-08T06:45:45+00:00",
"revision_history": [
{
"date": "2017-05-08T06:45:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-05-08T06:45:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-25T18:21:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.9.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.3.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.3.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.3.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:52.1.0-1.el6_9.x86_64",
"product": {
"name": "thunderbird-0:52.1.0-1.el6_9.x86_64",
"product_id": "thunderbird-0:52.1.0-1.el6_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@52.1.0-1.el6_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"product_id": "thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@52.1.0-1.el6_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-0:52.1.0-1.el7_3.x86_64",
"product": {
"name": "thunderbird-0:52.1.0-1.el7_3.x86_64",
"product_id": "thunderbird-0:52.1.0-1.el7_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@52.1.0-1.el7_3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"product_id": "thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@52.1.0-1.el7_3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:52.1.0-1.el6_9.src",
"product": {
"name": "thunderbird-0:52.1.0-1.el6_9.src",
"product_id": "thunderbird-0:52.1.0-1.el6_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@52.1.0-1.el6_9?arch=src"
}
}
},
{
"category": "product_version",
"name": "thunderbird-0:52.1.0-1.el7_3.src",
"product": {
"name": "thunderbird-0:52.1.0-1.el7_3.src",
"product_id": "thunderbird-0:52.1.0-1.el7_3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@52.1.0-1.el7_3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:52.1.0-1.el6_9.i686",
"product": {
"name": "thunderbird-0:52.1.0-1.el6_9.i686",
"product_id": "thunderbird-0:52.1.0-1.el6_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@52.1.0-1.el6_9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"product": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"product_id": "thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@52.1.0-1.el6_9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:52.1.0-1.el6_9.s390x",
"product": {
"name": "thunderbird-0:52.1.0-1.el6_9.s390x",
"product_id": "thunderbird-0:52.1.0-1.el6_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@52.1.0-1.el6_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"product": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"product_id": "thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@52.1.0-1.el6_9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:52.1.0-1.el6_9.ppc64",
"product": {
"name": "thunderbird-0:52.1.0-1.el6_9.ppc64",
"product_id": "thunderbird-0:52.1.0-1.el6_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@52.1.0-1.el6_9?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"product": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"product_id": "thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@52.1.0-1.el6_9?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:52.1.0-1.el7_3.ppc64le",
"product": {
"name": "thunderbird-0:52.1.0-1.el7_3.ppc64le",
"product_id": "thunderbird-0:52.1.0-1.el7_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@52.1.0-1.el7_3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"product_id": "thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@52.1.0-1.el7_3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:52.1.0-1.el7_3.aarch64",
"product": {
"name": "thunderbird-0:52.1.0-1.el7_3.aarch64",
"product_id": "thunderbird-0:52.1.0-1.el7_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@52.1.0-1.el7_3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"product": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"product_id": "thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@52.1.0-1.el7_3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el6_9.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686"
},
"product_reference": "thunderbird-0:52.1.0-1.el6_9.i686",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el6_9.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64"
},
"product_reference": "thunderbird-0:52.1.0-1.el6_9.ppc64",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el6_9.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x"
},
"product_reference": "thunderbird-0:52.1.0-1.el6_9.s390x",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el6_9.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src"
},
"product_reference": "thunderbird-0:52.1.0-1.el6_9.src",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el6_9.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64"
},
"product_reference": "thunderbird-0:52.1.0-1.el6_9.x86_64",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el6_9.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686"
},
"product_reference": "thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64"
},
"product_reference": "thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x"
},
"product_reference": "thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"relates_to_product_reference": "6Client-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el6_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686"
},
"product_reference": "thunderbird-0:52.1.0-1.el6_9.i686",
"relates_to_product_reference": "6Server-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el6_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64"
},
"product_reference": "thunderbird-0:52.1.0-1.el6_9.ppc64",
"relates_to_product_reference": "6Server-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el6_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x"
},
"product_reference": "thunderbird-0:52.1.0-1.el6_9.s390x",
"relates_to_product_reference": "6Server-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el6_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src"
},
"product_reference": "thunderbird-0:52.1.0-1.el6_9.src",
"relates_to_product_reference": "6Server-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el6_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64"
},
"product_reference": "thunderbird-0:52.1.0-1.el6_9.x86_64",
"relates_to_product_reference": "6Server-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el6_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686"
},
"product_reference": "thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"relates_to_product_reference": "6Server-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64"
},
"product_reference": "thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"relates_to_product_reference": "6Server-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x"
},
"product_reference": "thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"relates_to_product_reference": "6Server-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"relates_to_product_reference": "6Server-optional-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el6_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686"
},
"product_reference": "thunderbird-0:52.1.0-1.el6_9.i686",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el6_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64"
},
"product_reference": "thunderbird-0:52.1.0-1.el6_9.ppc64",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el6_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x"
},
"product_reference": "thunderbird-0:52.1.0-1.el6_9.s390x",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el6_9.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src"
},
"product_reference": "thunderbird-0:52.1.0-1.el6_9.src",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el6_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64"
},
"product_reference": "thunderbird-0:52.1.0-1.el6_9.x86_64",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el6_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686"
},
"product_reference": "thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64"
},
"product_reference": "thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x"
},
"product_reference": "thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"relates_to_product_reference": "6Workstation-6.9.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el7_3.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64"
},
"product_reference": "thunderbird-0:52.1.0-1.el7_3.aarch64",
"relates_to_product_reference": "7Client-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el7_3.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le"
},
"product_reference": "thunderbird-0:52.1.0-1.el7_3.ppc64le",
"relates_to_product_reference": "7Client-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el7_3.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src"
},
"product_reference": "thunderbird-0:52.1.0-1.el7_3.src",
"relates_to_product_reference": "7Client-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el7_3.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64"
},
"product_reference": "thunderbird-0:52.1.0-1.el7_3.x86_64",
"relates_to_product_reference": "7Client-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"relates_to_product_reference": "7Client-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"relates_to_product_reference": "7Client-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"relates_to_product_reference": "7Client-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el7_3.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64"
},
"product_reference": "thunderbird-0:52.1.0-1.el7_3.aarch64",
"relates_to_product_reference": "7Server-optional-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el7_3.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le"
},
"product_reference": "thunderbird-0:52.1.0-1.el7_3.ppc64le",
"relates_to_product_reference": "7Server-optional-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el7_3.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src"
},
"product_reference": "thunderbird-0:52.1.0-1.el7_3.src",
"relates_to_product_reference": "7Server-optional-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64"
},
"product_reference": "thunderbird-0:52.1.0-1.el7_3.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"relates_to_product_reference": "7Server-optional-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"relates_to_product_reference": "7Server-optional-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"relates_to_product_reference": "7Server-optional-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el7_3.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64"
},
"product_reference": "thunderbird-0:52.1.0-1.el7_3.aarch64",
"relates_to_product_reference": "7Workstation-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el7_3.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le"
},
"product_reference": "thunderbird-0:52.1.0-1.el7_3.ppc64le",
"relates_to_product_reference": "7Workstation-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el7_3.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src"
},
"product_reference": "thunderbird-0:52.1.0-1.el7_3.src",
"relates_to_product_reference": "7Workstation-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:52.1.0-1.el7_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64"
},
"product_reference": "thunderbird-0:52.1.0-1.el7_3.x86_64",
"relates_to_product_reference": "7Workstation-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"relates_to_product_reference": "7Workstation-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"relates_to_product_reference": "7Workstation-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"relates_to_product_reference": "7Workstation-7.3.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-10195",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2017-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1418608"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in libevent with the parsing of DNS requests and replies. An attacker could send a forged DNS response to an application using libevent which could lead to reading data out of bounds on the heap, potentially disclosing a small amount of application memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libevent: Stack-buffer overflow in the name_parse() function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10195"
},
{
"category": "external",
"summary": "RHBZ#1418608",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418608"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10195",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10195"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10195",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10195"
}
],
"release_date": "2016-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libevent: Stack-buffer overflow in the name_parse() function"
},
{
"cve": "CVE-2016-10196",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2017-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1418611"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in libevent with the parsing of IPv6 addresses. If an attacker could cause an application using libevent to parse a malformed address in IPv6 notation of more than 2GiB in length, a stack overflow would occur leading to a crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libevent: Stack-buffer overflow in evutil_parse_sockaddr_port()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10196"
},
{
"category": "external",
"summary": "RHBZ#1418611",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418611"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10196",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10196"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10196",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10196"
}
],
"release_date": "2016-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libevent: Stack-buffer overflow in evutil_parse_sockaddr_port()"
},
{
"cve": "CVE-2016-10197",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2017-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1418612"
}
],
"notes": [
{
"category": "description",
"text": "An out of bounds read vulnerability was found in libevent in the search_make_new function. If an attacker could cause an application using libevent to attempt resolving an empty hostname, an out of bounds read could occur possibly leading to a crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libevent: Out-of-bounds read in search_make_new()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-10197"
},
{
"category": "external",
"summary": "RHBZ#1418612",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418612"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-10197",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10197"
}
],
"release_date": "2016-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libevent: Out-of-bounds read in search_make_new()"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
}
],
"cve": "CVE-2017-5429",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443301"
}
],
"notes": [
{
"category": "description",
"text": "Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 (MFSA 2017-11, MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5429"
},
{
"category": "external",
"summary": "RHBZ#1443301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443301"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5429",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5429"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5429",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5429"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 (MFSA 2017-11, MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Nils"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5432",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443332"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in text input selection (MFSA 2017-11, MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5432"
},
{
"category": "external",
"summary": "RHBZ#1443332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5432",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5432"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5432",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5432"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Use-after-free in text input selection (MFSA 2017-11, MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Nils"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5433",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443330"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in SMIL animation functions (MFSA 2017-11, MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5433"
},
{
"category": "external",
"summary": "RHBZ#1443330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443330"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5433",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5433"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5433",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5433"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5433",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5433"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Use-after-free in SMIL animation functions (MFSA 2017-11, MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Nils"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5434",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443329"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free during focus handling (MFSA 2017-11, MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5434"
},
{
"category": "external",
"summary": "RHBZ#1443329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443329"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5434",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5434"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5434",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5434"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5434",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5434"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Use-after-free during focus handling (MFSA 2017-11, MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Nils"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5435",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443328"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free during transaction processing in the editor (MFSA 2017-11, MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5435"
},
{
"category": "external",
"summary": "RHBZ#1443328",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443328"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5435",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5435"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5435",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5435"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5435",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5435"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Use-after-free during transaction processing in the editor (MFSA 2017-11, MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Holger Fuhrmannek"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5436",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443327"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Out-of-bounds write with malicious font in Graphite 2 (MFSA 2017-11, MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5436"
},
{
"category": "external",
"summary": "RHBZ#1443327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5436",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5436"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5436",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5436"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5436",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5436"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Out-of-bounds write with malicious font in Graphite 2 (MFSA 2017-11, MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Nicolas Gr\u00e9goire"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5438",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443325"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in nsAutoPtr during XSLT processing (MFSA 2017-11, MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5438"
},
{
"category": "external",
"summary": "RHBZ#1443325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443325"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5438",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5438"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5438",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5438"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5438",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5438"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Use-after-free in nsAutoPtr during XSLT processing (MFSA 2017-11, MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Nicolas Gr\u00e9goire"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5439",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443324"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in nsTArray Length() during XSLT processing (MFSA 2017-11, MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5439"
},
{
"category": "external",
"summary": "RHBZ#1443324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443324"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5439",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5439"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5439",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5439"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5439",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5439"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Use-after-free in nsTArray Length() during XSLT processing (MFSA 2017-11, MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Nicolas Gr\u00e9goire"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5440",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443322"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in txExecutionState destructor during XSLT processing (MFSA 2017-11, MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5440"
},
{
"category": "external",
"summary": "RHBZ#1443322",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443322"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5440",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5440"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5440",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5440"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5440",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5440"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Use-after-free in txExecutionState destructor during XSLT processing (MFSA 2017-11, MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Nils"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5441",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443323"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free with selection during scroll events (MFSA 2017-11, MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5441"
},
{
"category": "external",
"summary": "RHBZ#1443323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443323"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5441",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5441"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5441",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5441"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Use-after-free with selection during scroll events (MFSA 2017-11, MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Nils"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5442",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443298"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free during style changes (MFSA 2017-11, MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5442"
},
{
"category": "external",
"summary": "RHBZ#1443298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5442",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5442"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5442",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5442"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5442",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5442"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Use-after-free during style changes (MFSA 2017-11, MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Chamal De Silva"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5443",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443299"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Out-of-bounds write during BinHex decoding (MFSA 2017-11, MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5443"
},
{
"category": "external",
"summary": "RHBZ#1443299",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443299"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5443",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5443"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5443",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5443"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5443",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5443"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Out-of-bounds write during BinHex decoding (MFSA 2017-11, MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Chamal De Silva"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5444",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443314"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow vulnerability while parsing \"application/http-index-format\" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Buffer overflow while parsing application/http-index-format content (MFSA 2017-11, MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5444"
},
{
"category": "external",
"summary": "RHBZ#1443314",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443314"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5444",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5444"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5444",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5444"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5444",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5444"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Buffer overflow while parsing application/http-index-format content (MFSA 2017-11, MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Chamal De Silva"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5445",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443315"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability while parsing \"application/http-index-format\" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Uninitialized values used while parsing application/http-index-format content (MFSA 2017-11, MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5445"
},
{
"category": "external",
"summary": "RHBZ#1443315",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443315"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5445",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5445"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5445",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5445"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5445",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5445"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Uninitialized values used while parsing application/http-index-format content (MFSA 2017-11, MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Chun Han Hsiao"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5446",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443312"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds read when an HTTP/2 connection to a server sends \"DATA\" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data (MFSA 2017-11, MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5446"
},
{
"category": "external",
"summary": "RHBZ#1443312",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443312"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5446",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5446"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5446",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5446"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5446",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5446"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data (MFSA 2017-11, MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Ivan Fratric"
],
"organization": "Google Project Zero",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5447",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443313"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Out-of-bounds read during glyph processing (MFSA 2017-11, MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5447"
},
{
"category": "external",
"summary": "RHBZ#1443313",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443313"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5447",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5447"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5447",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5447"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5447",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5447"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Out-of-bounds read during glyph processing (MFSA 2017-11, MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Nils"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5449",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443311"
}
],
"notes": [
{
"category": "description",
"text": "A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Crash during bidirectional unicode manipulation with animation (MFSA 2017-11, MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5449"
},
{
"category": "external",
"summary": "RHBZ#1443311",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443311"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5449",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5449"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5449",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5449"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5449",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5449"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Crash during bidirectional unicode manipulation with animation (MFSA 2017-11, MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Jordi Chancel"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5451",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443340"
}
],
"notes": [
{
"category": "description",
"text": "A mechanism to spoof the addressbar through the user interaction on the addressbar and the \"onblur\" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Addressbar spoofing with onblur event (MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5451"
},
{
"category": "external",
"summary": "RHBZ#1443340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5451",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5451"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5451",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5451"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5451",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5451"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Addressbar spoofing with onblur event (MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Haik Aftandilian"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5454",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443338"
}
],
"notes": [
{
"category": "description",
"text": "A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Sandbox escape allowing file system read access through file picker (MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5454"
},
{
"category": "external",
"summary": "RHBZ#1443338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5454",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5454"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5454",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5454"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5454",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5454"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Sandbox escape allowing file system read access through file picker (MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Atte Kettunen"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5459",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443333"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Buffer overflow in WebGL (MFSA 2017-11, MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5459"
},
{
"category": "external",
"summary": "RHBZ#1443333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5459",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5459"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5459",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5459"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Buffer overflow in WebGL (MFSA 2017-11, MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Nils"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5460",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443308"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in frame selection (MFSA 2017-11, MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5460"
},
{
"category": "external",
"summary": "RHBZ#1443308",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443308"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5460",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5460"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5460",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5460"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5460",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5460"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Use-after-free in frame selection (MFSA 2017-11, MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Nils"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5464",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443303"
}
],
"notes": [
{
"category": "description",
"text": "During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory corruption with accessibility and DOM manipulation (MFSA 2017-11, MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5464"
},
{
"category": "external",
"summary": "RHBZ#1443303",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443303"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5464",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5464"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5464",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5464"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5464",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5464"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory corruption with accessibility and DOM manipulation (MFSA 2017-11, MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Ivan Fratric"
],
"organization": "Google Project Zero",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5465",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443304"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds read while processing SVG content in \"ConvolvePixel\". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then be displayed. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Out-of-bounds read in ConvolvePixel (MFSA 2017-11, MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5465"
},
{
"category": "external",
"summary": "RHBZ#1443304",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443304"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5465",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5465"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5465"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5465",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5465"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Out-of-bounds read in ConvolvePixel (MFSA 2017-11, MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Takeshi Terada"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5466",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443305"
}
],
"notes": [
{
"category": "description",
"text": "If a page is loaded from an original site through a hyperlink and contains a redirect to a \"data:text/html\" URL, triggering a reload will run the reloaded \"data:text/html\" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Origin confusion when reloading isolated data:text/html URL (MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5466"
},
{
"category": "external",
"summary": "RHBZ#1443305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443305"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5466",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5466"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5466",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5466"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5466",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5466"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Origin confusion when reloading isolated data:text/html URL (MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Heather Miller"
],
"organization": "Google Skia team",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5467",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443307"
}
],
"notes": [
{
"category": "description",
"text": "A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory corruption when drawing Skia content (MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5467"
},
{
"category": "external",
"summary": "RHBZ#1443307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443307"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5467",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5467"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5467",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5467"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5467",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5467"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Memory corruption when drawing Skia content (MFSA 2017-12)"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Petr Cerny"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-5469",
"discovery_date": "2017-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443317"
}
],
"notes": [
{
"category": "description",
"text": "Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird \u003c 52.1, Firefox ESR \u003c 45.9, Firefox ESR \u003c 52.1, and Firefox \u003c 53.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential Buffer overflow in flex-generated code (MFSA 2017-11, MFSA 2017-12)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5469"
},
{
"category": "external",
"summary": "RHBZ#1443317",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443317"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5469",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5469"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5469",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5469"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5469",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5469"
}
],
"release_date": "2017-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-05-08T06:45:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Client-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Client-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Server-optional-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Server-optional-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.src",
"6Workstation-6.9.z:thunderbird-0:52.1.0-1.el6_9.x86_64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.i686",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.ppc64",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.s390x",
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.1.0-1.el6_9.x86_64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Client-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Client-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Server-optional-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.src",
"7Workstation-7.3.Z:thunderbird-0:52.1.0-1.el7_3.x86_64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.aarch64",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.ppc64le",
"7Workstation-7.3.Z:thunderbird-debuginfo-0:52.1.0-1.el7_3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Potential Buffer overflow in flex-generated code (MFSA 2017-11, MFSA 2017-12)"
}
]
}