{"id":"MGASA-2017-0180","summary":"Updated thunderbird packages fix security vulnerability and bugs","details":"* Use-after-free using destroyed node when regenerating trees\n  (CVE-2017-5472).\n* Use-after-free during docshell reloading (CVE-2017-7749).\n* Use-after-free with track elements (CVE-2017-7750).\n* Use-after-free with content viewer listeners (CVE-2017-7751).\n* Use-after-free with IME input (CVE-2017-7752).\n* Out-of-bounds read in WebGL with ImageInfo object (CVE-2017-7754).\n* Use-after-free and use-after-scope logging XHR header errors\n  (CVE-2017-7756).\n* Use-after-free in IndexedDB (CVE-2017-7757).\n* Vulnerabilities in the Graphite 2 library (CVE-2017-7778).\n* Out-of-bounds read in Opus encoder (CVE-2017-7758).\n* Mac fonts render some unicode characters as spaces (CVE-2017-7763).\n* Domain spoofing with combination of Canadian Syllabics and other unicode\n  blocks (CVE-2017-7764).\n* Mark of the Web bypass when saving executable files (CVE-2017-7765).\n* Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2, and\n  Thunderbird 52.2 (CVE-2017-5470).\n* plus various bug fixes.\n","modified":"2026-04-16T06:26:06.046145597Z","published":"2017-06-19T07:44:03Z","upstream":["CVE-2017-5470","CVE-2017-5472","CVE-2017-7749","CVE-2017-7750","CVE-2017-7751","CVE-2017-7752","CVE-2017-7754","CVE-2017-7756","CVE-2017-7757","CVE-2017-7758","CVE-2017-7763","CVE-2017-7764","CVE-2017-7765","CVE-2017-7778"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0180.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21091"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.2.0-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0180.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.2.0-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0180.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}