{"id":"MGASA-2018-0316","summary":"Updated thunderbird packages fix security vulnerabilities","details":"The updated packages fix several bugs and some security issues:\n\nBuffer overflow using computed size of canvas element. (CVE-2018-12359)\n\nUse-after-free when using focus(). (CVE-2018-12360)\n\nS/MIME and PGP decryption oracles can be built with HTML emails.\n(CVE-2018-12372)\n\nS/MIME plaintext can be leaked through HTML reply/forward. (CVE-2018-12373)\n\nInteger overflow in SSSE3 scaler. (CVE-2018-12362)\n\nUse-after-free when appending DOM nodes. (CVE-2018-12363)\n\nCSRF attacks through 307 redirects and NPAPI plugins. (CVE-2018-12364)\n\nCompromised IPC child process can list local filenames. (CVE-2018-12365)\n\nInvalid data handling during QCMS transformations. (CVE-2018-12366)\n\nUsing form to exfiltrate encrypted mail part by pressing enter in form field.\n(CVE-2018-12374)\n\nMemory safety bugs fixed in Firefox 60, Firefox ESR 60.1, Firefox ESR 52.9,\nand Thunderbird 52.9. (CVE-2018-5188)\n\nThe signature verification routine in Enigmail before 2.0.7 interprets user\nids as status/control messages and does not correctly keep track of the\nstatus of multiple signatures, which allows remote attackers to spoof\narbitrary email signatures via public keys containing crafted primary user\nids. (CVE-2018-12019)\n\nmainproc.c in GnuPG before 2.2.8 mishandles the original filename during\ndecryption and verification actions, which allows remote attackers to spoof\nthe output that GnuPG sends on file descriptor 2 to other programs that use\nthe \"--status-fd 2\" option. For example, the OpenPGP data might represent an\noriginal filename that contains line feed characters in conjunction with\nGOODSIG or VALIDSIG status codes. (CVE-2018-12020)\n","modified":"2026-04-16T06:24:51.717355204Z","published":"2018-07-23T22:27:34Z","upstream":["CVE-2018-12019","CVE-2018-12020","CVE-2018-12359","CVE-2018-12360","CVE-2018-12362","CVE-2018-12363","CVE-2018-12364","CVE-2018-12365","CVE-2018-12366","CVE-2018-12372","CVE-2018-12373","CVE-2018-12374","CVE-2018-5188"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0316.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23277"},{"type":"WEB","url":"https://www.thunderbird.net/en-US/thunderbird/52.9.0/releasenotes/"},{"type":"WEB","url":"https://www.thunderbird.net/en-US/thunderbird/52.9.1/releasenotes/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2018-05/msg00133.html"},{"type":"WEB","url":"https://neopg.io/blog/enigmail-signature-spoof/"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2018/06/13/10"},{"type":"WEB","url":"https://neopg.io/blog/gpg-signature-spoof/"},{"type":"WEB","url":"https://sourceforge.net/p/enigmail/forum/announce/thread/b948279f/"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2018-06/msg00094.html"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.9.1-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0316.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.9.1-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0316.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}