Debian Thunderbird vulnerabilities

931 known vulnerabilities affecting debian/thunderbird.

Total CVEs: 931
CISA KEV (actively exploited): 10
Public exploits: 18
Exploited in wild: 13
Severity breakdown: CRITICAL 166, HIGH 358, MEDIUM 317, LOW 90

Vulnerabilities

Page 43 of 47
CVE-2018-12374 | MEDIUM | CVSS 4.3 | fixed in thunderbird 1:52.9.0-1 (bookworm) | 2018
[MEDIUM] thunderbird: Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird < 52.9.
Scope: local. bookworm: resolved (fixed in 1:52.9.0-1); bullseye: resolved (fixed in 1:52.9.0-1); forky: resolved (fixed in 1:52.9.0-1); sid: resolved (fixed in 1:52.9.0-1); trixie: resolv
CVE-2018-5170 | MEDIUM | CVSS 4.3 | fixed in thunderbird 1:52.8.0-1 (bookworm) | 2018
[MEDIUM] thunderbird: It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
Scope: local. bookworm: resolved (fixed in 1:52.8.0-1); bullseye: resolved (fixed in 1:52.8.0-1)
CVE-2018-5161 | MEDIUM | CVSS 4.3 | fixed in thunderbird 1:52.8.0-1 (bookworm) | 2018
[MEDIUM] thunderbird: Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
Scope: local. bookworm: resolved (fixed in 1:52.8.0-1); bullseye: resolved (fixed in 1:52.8.0-1); forky: resolved (fixed in 1:52.8.0-1); sid: resolved (fixed in 1:52.8.0-1); trixie: resolved (fixed in 1:52
CVE-2018-12379 | LOW | CVSS 7.8 | fixed in firefox 62.0-1 (sid) | 2018
[HIGH] firefox: When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbi
CVE-2018-12368 | LOW | CVSS 8.1 | 2018
[HIGH] firefox: Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permissio
CVE-2018-5174 | LOW | CVSS 7.5 | 2018
[HIGH] firefox: In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because
CVE-2018-12391 | LOW | CVSS 8.8 | 2018
[HIGH] firefox: During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are un
CVE-2017-7819 | CRITICAL | CVSS 9.8 | fixed in firefox 56.0-1 (sid) | 2017
[CRITICAL] firefox: A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Scope: local. sid: resolved (fixed in 56.0-1)
CVE-2017-7824 | CRITICAL | CVSS 9.8 | fixed in firefox 56.0-1 (sid) | 2017
[CRITICAL] firefox: A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Scope: local. sid: resolved (fixed
CVE-2017-7818 | CRITICAL | CVSS 9.8 | fixed in firefox 56.0-1 (sid) | 2017
[CRITICAL] firefox: A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Scope: local. sid: resolved (fixed in 56.0-1)
CVE-2017-7826 | CRITICAL | CVSS 9.8 | fixed in firefox 57.0-1 (sid) | 2017
[CRITICAL] firefox: Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
Scope: local. sid: resolved (fixed in 57.0-1)
CVE-2017-7793 | CRITICAL | CVSS 9.8 | fixed in firefox 56.0-1 (sid) | 2017
[CRITICAL] firefox: A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Scope: local. sid: resolved (fixed in 56.0-1)
CVE-2017-7828 | CRITICAL | CVSS 9.8 | fixed in firefox 57.0-1 (sid) | 2017
[CRITICAL] firefox: A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
Scope: local. sid: resolved (fixed in 57.0-1)
CVE-2017-7810 | CRITICAL | CVSS 9.8 | fixed in firefox 56.0-1 (sid) | 2017
[CRITICAL] firefox: Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Scope: local. sid: resolved (fixed in 56.0-1)
CVE-2017-7814 | HIGH | CVSS 7.8 | fixed in firefox 56.0-1 (sid) | 2017
[HIGH] firefox: File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks through the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firef
CVE-2017-7846 | HIGH | CVSS 8.8 | fixed in thunderbird 1:52.5.2-1 (bookworm) | 2017
[HIGH] thunderbird: It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2.
Scope: local. bookworm: resolved (fixed in 1:52.5.2-1); bullseye: resolved (fixed in 1:52.5.2-1); forky: res
CVE-2017-7805 | HIGH | CVSS 7.5 | fixed in firefox 56.0-1 (sid) | 2017
[HIGH] firefox: During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handsha
CVE-2017-7830 | MEDIUM | CVSS 6.5 | fixed in firefox 57.0-1 (sid) | 2017
[MEDIUM] firefox: The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
Scope: local. sid: resolved (fixed in 57.0-1)
CVE-2017-7848 | MEDIUM | CVSS 5.3 | fixed in thunderbird 1:52.5.2-1 (bookworm) | 2017
[MEDIUM] thunderbird: RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2.
Scope: local. bookworm: resolved (fixed in 1:52.5.2-1); bullseye: resolved (fixed in 1:52.5.2-1); forky: resolved (fixed in 1:52.5.2-1); sid: resolved (fixed in 1:52.5.2-1); trixie: resolved (fixed in 1:52.5.2-1)
CVE-2017-7829 | MEDIUM | CVSS 5.3 | fixed in thunderbird 1:52.5.2-1 (bookworm) | 2017
[MEDIUM] thunderbird: It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2.
Scope: local. bookworm: resolved (fixed in 1:52.5.2-1); bullseye: resolved (fixed in 1:52.5.2-1); forky: