- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201803-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mozilla Thunderbird: Multiple vulnerabilities Date: March 28, 2018 Bugs: #627376, #639048, #643842, #645812, #645820 ID: 201803-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. Background ========== Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mail-client/thunderbird < 52.6.0 >= 52.6.0 2 mail-client/thunderbird-bin < 52.6.0 >= 52.6.0 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the referenced Mozilla Foundation Security Advisories and CVE identifiers below for details. Impact ====== A remote attacker may be able to execute arbitrary code, cause a Denial of Service condition, obtain sensitive information, conduct URL hijacking, or conduct cross-site scripting (XSS). Workaround ========== There is no known workaround at this time. Resolution ========== All Thunderbird users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-52.6.0" All Thunderbird binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-52.6.0" References ========== [ 1 ] CVE-2017-7753 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7753 [ 2 ] CVE-2017-7779 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7779 [ 3 ] CVE-2017-7784 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7784 [ 4 ] CVE-2017-7785 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7785 [ 5 ] CVE-2017-7786 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7786 [ 6 ] CVE-2017-7787 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7787 [ 7 ] CVE-2017-7791 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7791 [ 8 ] CVE-2017-7792 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7792 [ 9 ] CVE-2017-7793 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7793 [ 10 ] CVE-2017-7800 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7800 [ 11 ] CVE-2017-7801 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7801 [ 12 ] CVE-2017-7802 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7802 [ 13 ] CVE-2017-7803 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7803 [ 14 ] CVE-2017-7805 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7805 [ 15 ] CVE-2017-7807 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7807 [ 16 ] CVE-2017-7809 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7809 [ 17 ] CVE-2017-7810 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7810 [ 18 ] CVE-2017-7814 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7814 [ 19 ] CVE-2017-7818 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7818 [ 20 ] CVE-2017-7819 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7819 [ 21 ] CVE-2017-7823 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7823 [ 22 ] CVE-2017-7824 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7824 [ 23 ] CVE-2017-7825 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7825 [ 24 ] CVE-2017-7826 https://nvd.nist.gov/vuln/detail/CVE-2017-7826 [ 25 ] CVE-2017-7828 https://nvd.nist.gov/vuln/detail/CVE-2017-7828 [ 26 ] CVE-2017-7829 https://nvd.nist.gov/vuln/detail/CVE-2017-7829 [ 27 ] CVE-2017-7830 https://nvd.nist.gov/vuln/detail/CVE-2017-7830 [ 28 ] CVE-2017-7846 https://nvd.nist.gov/vuln/detail/CVE-2017-7846 [ 29 ] CVE-2017-7847 https://nvd.nist.gov/vuln/detail/CVE-2017-7847 [ 30 ] CVE-2017-7848 https://nvd.nist.gov/vuln/detail/CVE-2017-7848 [ 31 ] CVE-2018-5089 https://nvd.nist.gov/vuln/detail/CVE-2018-5089 [ 32 ] CVE-2018-5095 https://nvd.nist.gov/vuln/detail/CVE-2018-5095 [ 33 ] CVE-2018-5096 https://nvd.nist.gov/vuln/detail/CVE-2018-5096 [ 34 ] CVE-2018-5097 https://nvd.nist.gov/vuln/detail/CVE-2018-5097 [ 35 ] CVE-2018-5098 https://nvd.nist.gov/vuln/detail/CVE-2018-5098 [ 36 ] CVE-2018-5099 https://nvd.nist.gov/vuln/detail/CVE-2018-5099 [ 37 ] CVE-2018-5102 https://nvd.nist.gov/vuln/detail/CVE-2018-5102 [ 38 ] CVE-2018-5103 https://nvd.nist.gov/vuln/detail/CVE-2018-5103 [ 39 ] CVE-2018-5104 https://nvd.nist.gov/vuln/detail/CVE-2018-5104 [ 40 ] CVE-2018-5117 https://nvd.nist.gov/vuln/detail/CVE-2018-5117 [ 41 ] Mozilla Foundation Security Advisory 2017-20 https://www.mozilla.org/en-US/security/advisories/mfsa2017-20/ [ 42 ] Mozilla Foundation Security Advisory 2017-23 https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/ [ 43 ] Mozilla Foundation Security Advisory 2017-26 https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/ [ 44 ] Mozilla Foundation Security Advisory 2017-30 https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/ [ 45 ] Mozilla Foundation Security Advisory 2018-04 https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/ Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201803-14 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5