Gentoo: GLSA-201803-14: Mozilla Thunderbird: Multiple vulnerabilities
Summary
Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the referenced Mozilla Foundation Security Advisories and CVE identifiers below for details.
Resolution
All Thunderbird users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-52.6.0"
All Thunderbird binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-52.6.0"
References
[ 1 ] CVE-2017-7753 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7753 [ 2 ] CVE-2017-7779 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7779 [ 3 ] CVE-2017-7784 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7784 [ 4 ] CVE-2017-7785 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7785 [ 5 ] CVE-2017-7786 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7786 [ 6 ] CVE-2017-7787 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7787 [ 7 ] CVE-2017-7791 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7791 [ 8 ] CVE-2017-7792 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7792 [ 9 ] CVE-2017-7793 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7793 [ 10 ] CVE-2017-7800 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7800 [ 11 ] CVE-2017-7801 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7801 [ 12 ] CVE-2017-7802 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7802 [ 13 ] CVE-2017-7803 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7803 [ 14 ] CVE-2017-7805 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7805 [ 15 ] CVE-2017-7807 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7807 [ 16 ] CVE-2017-7809 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7809 [ 17 ] CVE-2017-7810 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7810 [ 18 ] CVE-2017-7814 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7814 [ 19 ] CVE-2017-7818 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7818 [ 20 ] CVE-2017-7819 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7819 [ 21 ] CVE-2017-7823 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7823 [ 22 ] CVE-2017-7824 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7824 [ 23 ] CVE-2017-7825 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7825 [ 24 ] CVE-2017-7826 https://nvd.nist.gov/vuln/detail/CVE-2017-7826 [ 25 ] CVE-2017-7828 https://nvd.nist.gov/vuln/detail/CVE-2017-7828 [ 26 ] CVE-2017-7829 https://nvd.nist.gov/vuln/detail/CVE-2017-7829 [ 27 ] CVE-2017-7830 https://nvd.nist.gov/vuln/detail/CVE-2017-7830 [ 28 ] CVE-2017-7846 https://nvd.nist.gov/vuln/detail/CVE-2017-7846 [ 29 ] CVE-2017-7847 https://nvd.nist.gov/vuln/detail/CVE-2017-7847 [ 30 ] CVE-2017-7848 https://nvd.nist.gov/vuln/detail/CVE-2017-7848 [ 31 ] CVE-2018-5089 https://nvd.nist.gov/vuln/detail/CVE-2018-5089 [ 32 ] CVE-2018-5095 https://nvd.nist.gov/vuln/detail/CVE-2018-5095 [ 33 ] CVE-2018-5096 https://nvd.nist.gov/vuln/detail/CVE-2018-5096 [ 34 ] CVE-2018-5097 https://nvd.nist.gov/vuln/detail/CVE-2018-5097 [ 35 ] CVE-2018-5098 https://nvd.nist.gov/vuln/detail/CVE-2018-5098 [ 36 ] CVE-2018-5099 https://nvd.nist.gov/vuln/detail/CVE-2018-5099 [ 37 ] CVE-2018-5102 https://nvd.nist.gov/vuln/detail/CVE-2018-5102 [ 38 ] CVE-2018-5103 https://nvd.nist.gov/vuln/detail/CVE-2018-5103 [ 39 ] CVE-2018-5104 https://nvd.nist.gov/vuln/detail/CVE-2018-5104 [ 40 ] CVE-2018-5117 https://nvd.nist.gov/vuln/detail/CVE-2018-5117 [ 41 ] Mozilla Foundation Security Advisory 2017-20 https://www.mozilla.org/en-US/security/advisories/mfsa2017-20/ [ 42 ] Mozilla Foundation Security Advisory 2017-23 https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/ [ 43 ] Mozilla Foundation Security Advisory 2017-26 https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/ [ 44 ] Mozilla Foundation Security Advisory 2017-30 https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/ [ 45 ] Mozilla Foundation Security Advisory 2018-04 https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201803-14
Concerns
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
Synopsis
Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code.
Background
Mozilla Thunderbird is a popular open-source email client from the Mozilla project.
Affected Packages
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mail-client/thunderbird < 52.6.0 >= 52.6.0 2 mail-client/thunderbird-bin < 52.6.0 >= 52.6.0 ------------------------------------------------------------------- 2 affected packages
Impact
===== A remote attacker may be able to execute arbitrary code, cause a Denial of Service condition, obtain sensitive information, conduct URL hijacking, or conduct cross-site scripting (XSS).
Workaround
There is no known workaround at this time.