rhsa-2017_1561
Vulnerability from csaf_redhat
Published: 2017-06-21 04:36
Modified: 2024-11-22 11:12
Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 52.2.0.
Security Fix(es):
* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)
Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Nicolas Trippar (Zimperium zLabs), Tyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, André Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, Samuel Erb, Holger Fuhrmannek, Abhishek Arya, and F. Alonso (revskills) as the original reporters.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for thunderbird is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 52.2.0.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Nicolas Trippar (Zimperium zLabs), Tyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, André Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, Samuel Erb, Holger Fuhrmannek, Abhishek Arya, and F. 
Alonso (revskills) as the original reporters.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2017:1561", url: "https://access.redhat.com/errata/RHSA-2017:1561", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1461252", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1461252", }, { category: "external", summary: "1461253", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1461253", }, { category: "external", summary: "1461254", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1461254", }, { category: "external", summary: "1461255", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1461255", }, { category: "external", summary: "1461256", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1461256", }, { category: "external", summary: "1461257", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1461257", }, { category: "external", summary: "1461258", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1461258", }, { category: "external", summary: "1461259", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1461259", }, { category: "external", summary: "1461260", url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=1461260", }, { category: "external", summary: "1461261", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1461261", }, { category: "external", summary: "1461262", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1461262", }, { category: "external", summary: "1461264", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1461264", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1561.json", }, ], title: "Red Hat Security Advisory: thunderbird security update", tracking: { current_release_date: "2024-11-22T11:12:42+00:00", generator: { date: "2024-11-22T11:12:42+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2017:1561", initial_release_date: "2017-06-21T04:36:28+00:00", revision_history: [ { date: "2017-06-21T04:36:28+00:00", number: "1", summary: "Initial version", }, { date: "2017-06-21T04:36:28+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T11:12:42+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Desktop (v. 6)", product: { name: "Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.9.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Optional (v. 6)", product: { name: "Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.9.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 6)", product: { name: "Red Hat Enterprise Linux Workstation (v. 
6)", product_id: "6Workstation-6.9.z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:6::workstation", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Client (v. 7)", product: { name: "Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.3.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Server Optional (v. 7)", product: { name: "Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::server", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Workstation (v. 7)", product: { name: "Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:7::workstation", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", product: { name: "thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", product_id: "thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@52.2.0-1.el6_9?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-0:52.2.0-1.el6_9.x86_64", product: { name: "thunderbird-0:52.2.0-1.el6_9.x86_64", product_id: "thunderbird-0:52.2.0-1.el6_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@52.2.0-1.el6_9?arch=x86_64", }, }, }, { category: "product_version", name: "thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", product: { name: "thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", product_id: "thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@52.2.0-1.el7_3?arch=x86_64", }, }, }, { category: 
"product_version", name: "thunderbird-0:52.2.0-1.el7_3.x86_64", product: { name: "thunderbird-0:52.2.0-1.el7_3.x86_64", product_id: "thunderbird-0:52.2.0-1.el7_3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@52.2.0-1.el7_3?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", product: { name: "thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", product_id: "thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@52.2.0-1.el6_9?arch=i686", }, }, }, { category: "product_version", name: "thunderbird-0:52.2.0-1.el6_9.i686", product: { name: "thunderbird-0:52.2.0-1.el6_9.i686", product_id: "thunderbird-0:52.2.0-1.el6_9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@52.2.0-1.el6_9?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "thunderbird-0:52.2.0-1.el6_9.src", product: { name: "thunderbird-0:52.2.0-1.el6_9.src", product_id: "thunderbird-0:52.2.0-1.el6_9.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@52.2.0-1.el6_9?arch=src", }, }, }, { category: "product_version", name: "thunderbird-0:52.2.0-1.el7_3.src", product: { name: "thunderbird-0:52.2.0-1.el7_3.src", product_id: "thunderbird-0:52.2.0-1.el7_3.src", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@52.2.0-1.el7_3?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", product: { name: "thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", product_id: "thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@52.2.0-1.el6_9?arch=s390x", }, }, }, { category: "product_version", name: 
"thunderbird-0:52.2.0-1.el6_9.s390x", product: { name: "thunderbird-0:52.2.0-1.el6_9.s390x", product_id: "thunderbird-0:52.2.0-1.el6_9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@52.2.0-1.el6_9?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", product: { name: "thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", product_id: "thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@52.2.0-1.el6_9?arch=ppc64", }, }, }, { category: "product_version", name: "thunderbird-0:52.2.0-1.el6_9.ppc64", product: { name: "thunderbird-0:52.2.0-1.el6_9.ppc64", product_id: "thunderbird-0:52.2.0-1.el6_9.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@52.2.0-1.el6_9?arch=ppc64", }, }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", product: { name: "thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", product_id: "thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@52.2.0-1.el7_3?arch=ppc64le", }, }, }, { category: "product_version", name: "thunderbird-0:52.2.0-1.el7_3.ppc64le", product: { name: "thunderbird-0:52.2.0-1.el7_3.ppc64le", product_id: "thunderbird-0:52.2.0-1.el7_3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@52.2.0-1.el7_3?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", product: { name: "thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", product_id: "thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird-debuginfo@52.2.0-1.el7_3?arch=aarch64", }, }, }, { 
category: "product_version", name: "thunderbird-0:52.2.0-1.el7_3.aarch64", product: { name: "thunderbird-0:52.2.0-1.el7_3.aarch64", product_id: "thunderbird-0:52.2.0-1.el7_3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/thunderbird@52.2.0-1.el7_3?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el6_9.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", }, product_reference: "thunderbird-0:52.2.0-1.el6_9.i686", relates_to_product_reference: "6Client-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el6_9.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", }, product_reference: "thunderbird-0:52.2.0-1.el6_9.ppc64", relates_to_product_reference: "6Client-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el6_9.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", }, product_reference: "thunderbird-0:52.2.0-1.el6_9.s390x", relates_to_product_reference: "6Client-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el6_9.src as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", }, product_reference: "thunderbird-0:52.2.0-1.el6_9.src", relates_to_product_reference: "6Client-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el6_9.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 
6)", product_id: "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", }, product_reference: "thunderbird-0:52.2.0-1.el6_9.x86_64", relates_to_product_reference: "6Client-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:52.2.0-1.el6_9.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", }, product_reference: "thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", relates_to_product_reference: "6Client-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", }, product_reference: "thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", relates_to_product_reference: "6Client-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", }, product_reference: "thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", relates_to_product_reference: "6Client-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)", product_id: "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", }, product_reference: "thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", relates_to_product_reference: "6Client-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el6_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 
6)", product_id: "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", }, product_reference: "thunderbird-0:52.2.0-1.el6_9.i686", relates_to_product_reference: "6Server-optional-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el6_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", }, product_reference: "thunderbird-0:52.2.0-1.el6_9.ppc64", relates_to_product_reference: "6Server-optional-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el6_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", }, product_reference: "thunderbird-0:52.2.0-1.el6_9.s390x", relates_to_product_reference: "6Server-optional-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el6_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", }, product_reference: "thunderbird-0:52.2.0-1.el6_9.src", relates_to_product_reference: "6Server-optional-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el6_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", }, product_reference: "thunderbird-0:52.2.0-1.el6_9.x86_64", relates_to_product_reference: "6Server-optional-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:52.2.0-1.el6_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 
6)", product_id: "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", }, product_reference: "thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", relates_to_product_reference: "6Server-optional-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", }, product_reference: "thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", relates_to_product_reference: "6Server-optional-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", }, product_reference: "thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", relates_to_product_reference: "6Server-optional-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", product_id: "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", }, product_reference: "thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", relates_to_product_reference: "6Server-optional-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el6_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", }, product_reference: "thunderbird-0:52.2.0-1.el6_9.i686", relates_to_product_reference: "6Workstation-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el6_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 
6)", product_id: "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", }, product_reference: "thunderbird-0:52.2.0-1.el6_9.ppc64", relates_to_product_reference: "6Workstation-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el6_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", }, product_reference: "thunderbird-0:52.2.0-1.el6_9.s390x", relates_to_product_reference: "6Workstation-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el6_9.src as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", }, product_reference: "thunderbird-0:52.2.0-1.el6_9.src", relates_to_product_reference: "6Workstation-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el6_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", }, product_reference: "thunderbird-0:52.2.0-1.el6_9.x86_64", relates_to_product_reference: "6Workstation-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:52.2.0-1.el6_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", }, product_reference: "thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", relates_to_product_reference: "6Workstation-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 
6)", product_id: "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", }, product_reference: "thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", relates_to_product_reference: "6Workstation-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", }, product_reference: "thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", relates_to_product_reference: "6Workstation-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)", product_id: "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", }, product_reference: "thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", relates_to_product_reference: "6Workstation-6.9.z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el7_3.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", }, product_reference: "thunderbird-0:52.2.0-1.el7_3.aarch64", relates_to_product_reference: "7Client-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el7_3.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", }, product_reference: "thunderbird-0:52.2.0-1.el7_3.ppc64le", relates_to_product_reference: "7Client-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el7_3.src as a component of Red Hat Enterprise Linux Client (v. 
7)", product_id: "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", }, product_reference: "thunderbird-0:52.2.0-1.el7_3.src", relates_to_product_reference: "7Client-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el7_3.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", }, product_reference: "thunderbird-0:52.2.0-1.el7_3.x86_64", relates_to_product_reference: "7Client-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", }, product_reference: "thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", relates_to_product_reference: "7Client-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", }, product_reference: "thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", relates_to_product_reference: "7Client-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", product_id: "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", }, product_reference: "thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", relates_to_product_reference: "7Client-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el7_3.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 
7)", product_id: "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", }, product_reference: "thunderbird-0:52.2.0-1.el7_3.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el7_3.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", }, product_reference: "thunderbird-0:52.2.0-1.el7_3.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el7_3.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", }, product_reference: "thunderbird-0:52.2.0-1.el7_3.src", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", }, product_reference: "thunderbird-0:52.2.0-1.el7_3.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", }, product_reference: "thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 
7)", product_id: "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", }, product_reference: "thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", product_id: "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", }, product_reference: "thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", relates_to_product_reference: "7Server-optional-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el7_3.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", }, product_reference: "thunderbird-0:52.2.0-1.el7_3.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el7_3.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", }, product_reference: "thunderbird-0:52.2.0-1.el7_3.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el7_3.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", }, product_reference: "thunderbird-0:52.2.0-1.el7_3.src", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-0:52.2.0-1.el7_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 
7)", product_id: "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", }, product_reference: "thunderbird-0:52.2.0-1.el7_3.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", }, product_reference: "thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", }, product_reference: "thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", relates_to_product_reference: "7Workstation-7.3.Z", }, { category: "default_component_of", full_product_name: { name: "thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", product_id: "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", }, product_reference: "thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", relates_to_product_reference: "7Workstation-7.3.Z", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "the Mozilla project", ], }, { names: [ "Tyson Smith", "Mats Palmgren", "Philipp", "Masayuki Nakano", "Christian Holler", "Andrew McCreight", "Gary Kwong", "André Bargull", "Carsten Book", "Jesse Schwartzentruber", "Julian Hector", "Marcia Knous", "Ronald Crane", "Nils", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-5470", discovery_date: "2017-06-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1461264", }, ], notes: [ { category: "description", text: "Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. 
Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.", title: "Vulnerability description", }, { category: "summary", text: "Mozilla: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 (MFSA 2017-16)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", 
"6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-5470", }, { category: "external", summary: "RHBZ#1461264", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1461264", }, { category: "external", summary: 
"https://www.cve.org/CVERecord?id=CVE-2017-5470", url: "https://www.cve.org/CVERecord?id=CVE-2017-5470", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-5470", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-5470", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-5470", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-5470", }, ], release_date: "2017-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-06-21T04:36:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", 
"6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:1561", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: 
"HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", 
"7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "Mozilla: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 (MFSA 2017-16)", }, { acknowledgments: [ { names: [ "the Mozilla project", ], }, { names: [ "Nils", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-5472", discovery_date: "2017-06-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1461252", }, ], notes: [ { category: "description", text: "A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. 
This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.", title: "Vulnerability description", }, { category: "summary", text: "Mozilla: Use-after-free using destroyed node when regenerating trees (MFSA 2017-16)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", 
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-5472", }, { category: "external", summary: "RHBZ#1461252", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1461252", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-5472", url: "https://www.cve.org/CVERecord?id=CVE-2017-5472", }, { category: "external", summary: 
"https://nvd.nist.gov/vuln/detail/CVE-2017-5472", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-5472", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-5472", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-5472", }, ], release_date: "2017-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-06-21T04:36:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", 
"6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:1561", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", 
"7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, ], threats: [ { category: "impact", details: "Critical", }, ], title: "Mozilla: Use-after-free using destroyed node when regenerating trees (MFSA 2017-16)", }, { acknowledgments: [ { names: [ "the Mozilla project", ], }, { names: [ "Nils", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-7749", discovery_date: "2017-06-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1461253", }, ], notes: [ { category: "description", text: "A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. 
This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.", title: "Vulnerability description", }, { category: "summary", text: "Mozilla: Use-after-free during docshell reloading (MFSA 2017-16)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", 
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7749", }, { category: "external", summary: "RHBZ#1461253", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1461253", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7749", url: "https://www.cve.org/CVERecord?id=CVE-2017-7749", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-7749", url: 
"https://nvd.nist.gov/vuln/detail/CVE-2017-7749", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7749", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7749", }, ], release_date: "2017-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-06-21T04:36:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", 
"6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:1561", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: 
"2.0", }, cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", 
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Mozilla: Use-after-free during docshell reloading (MFSA 2017-16)", }, { acknowledgments: [ { names: [ "the Mozilla project", ], }, { names: [ "Nils", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-7750", discovery_date: "2017-06-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1461254", }, ], notes: [ { category: "description", text: "A use-after-free vulnerability during video control operations when a \"<track>\" element holds a reference to an older window if that window has been replaced in the DOM. 
This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.", title: "Vulnerability description", }, { category: "summary", text: "Mozilla: Use-after-free with track elements (MFSA 2017-16)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", 
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7750", }, { category: "external", summary: "RHBZ#1461254", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1461254", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7750", url: "https://www.cve.org/CVERecord?id=CVE-2017-7750", }, { category: "external", summary: 
"https://nvd.nist.gov/vuln/detail/CVE-2017-7750", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7750", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7750", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7750", }, ], release_date: "2017-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-06-21T04:36:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", 
"6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:1561", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", 
"7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Mozilla: Use-after-free with track elements (MFSA 2017-16)", }, { acknowledgments: [ { names: [ "the Mozilla project", ], }, { names: [ "Nils", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-7751", discovery_date: "2017-06-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1461255", }, ], notes: [ { category: "description", text: "A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. 
This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.", title: "Vulnerability description", }, { category: "summary", text: "Mozilla: Use-after-free with content viewer listeners (MFSA 2017-16)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", 
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7751", }, { category: "external", summary: "RHBZ#1461255", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1461255", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7751", url: "https://www.cve.org/CVERecord?id=CVE-2017-7751", }, { category: "external", summary: 
"https://nvd.nist.gov/vuln/detail/CVE-2017-7751", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7751", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7751", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7751", }, ], release_date: "2017-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-06-21T04:36:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", 
"6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:1561", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", 
"7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Mozilla: Use-after-free with content viewer listeners (MFSA 2017-16)", }, { acknowledgments: [ { names: [ "the Mozilla project", ], }, { names: [ "Nils", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-7752", discovery_date: "2017-06-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1461256", }, ], notes: [ { category: "description", text: "A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. 
This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.", title: "Vulnerability description", }, { category: "summary", text: "Mozilla: Use-after-free with IME input (MFSA 2017-16)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", 
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7752", }, { category: "external", summary: "RHBZ#1461256", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1461256", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7752", url: "https://www.cve.org/CVERecord?id=CVE-2017-7752", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-7752", url: 
"https://nvd.nist.gov/vuln/detail/CVE-2017-7752", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7752", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7752", }, ], release_date: "2017-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-06-21T04:36:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", 
"6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:1561", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: 
"REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", 
"7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Mozilla: Use-after-free with IME input (MFSA 2017-16)", }, { acknowledgments: [ { names: [ "the Mozilla project", ], }, { names: [ "Nils", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-7754", discovery_date: "2017-06-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1461257", }, ], notes: [ { category: "description", text: "An out-of-bounds read in WebGL with a maliciously crafted \"ImageInfo\" object during WebGL operations. 
This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.", title: "Vulnerability description", }, { category: "summary", text: "Mozilla: Out-of-bounds read in WebGL with ImageInfo object (MFSA 2017-16)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", 
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7754", }, { category: "external", summary: "RHBZ#1461257", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1461257", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7754", url: "https://www.cve.org/CVERecord?id=CVE-2017-7754", }, { category: "external", summary: 
"https://nvd.nist.gov/vuln/detail/CVE-2017-7754", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7754", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7754", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7754", }, ], release_date: "2017-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-06-21T04:36:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", 
"6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:1561", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", 
"7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Mozilla: Out-of-bounds read in WebGL with ImageInfo object (MFSA 2017-16)", }, { acknowledgments: [ { names: [ "the Mozilla project", ], }, { names: [ "Abhishek Arya", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-7756", discovery_date: "2017-06-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1461258", }, ], notes: [ { category: "description", text: "A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. 
This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.", title: "Vulnerability description", }, { category: "summary", text: "Mozilla: Use-after-free and use-after-scope logging XHR header errors (MFSA 2017-16)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", 
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7756", }, { category: "external", summary: "RHBZ#1461258", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1461258", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7756", url: "https://www.cve.org/CVERecord?id=CVE-2017-7756", }, { category: "external", summary: 
"https://nvd.nist.gov/vuln/detail/CVE-2017-7756", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7756", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7756", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7756", }, ], release_date: "2017-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-06-21T04:36:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", 
"6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:1561", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", 
"7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Mozilla: Use-after-free and use-after-scope logging XHR header errors (MFSA 2017-16)", }, { acknowledgments: [ { names: [ "the Mozilla project", ], }, { names: [ "F. Alonso", ], organization: "revskills", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-7757", discovery_date: "2017-06-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1461259", }, ], notes: [ { category: "description", text: "A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. 
This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.", title: "Vulnerability description", }, { category: "summary", text: "Mozilla: Use-after-free in IndexedDB (MFSA 2017-16)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", 
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7757", }, { category: "external", summary: "RHBZ#1461259", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1461259", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7757", url: "https://www.cve.org/CVERecord?id=CVE-2017-7757", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-7757", url: 
"https://nvd.nist.gov/vuln/detail/CVE-2017-7757", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7757", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7757", }, ], release_date: "2017-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-06-21T04:36:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", 
"6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:1561", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: 
"NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", 
"7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Mozilla: Use-after-free in IndexedDB (MFSA 2017-16)", }, { acknowledgments: [ { names: [ "the Mozilla project", ], }, { names: [ "Nicolas Trippar", ], organization: "Zimperium zLabs", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-7758", discovery_date: "2017-06-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1461261", }, ], notes: [ { category: "description", text: "An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. 
This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.", title: "Vulnerability description", }, { category: "summary", text: "Mozilla: Out-of-bounds read in Opus encoder (MFSA 2017-16)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", 
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7758", }, { category: "external", summary: "RHBZ#1461261", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1461261", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7758", url: "https://www.cve.org/CVERecord?id=CVE-2017-7758", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-7758", url: 
"https://nvd.nist.gov/vuln/detail/CVE-2017-7758", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7758", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7758", }, ], release_date: "2017-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-06-21T04:36:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", 
"6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:1561", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: 
"NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.0", }, products: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", 
"7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Mozilla: Out-of-bounds read in Opus encoder (MFSA 2017-16)", }, { acknowledgments: [ { names: [ "the Mozilla project", ], }, { names: [ "Samuel Erb", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-7764", discovery_date: "2017-06-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1461262", }, ], notes: [ { category: "description", text: "Characters from the \"Canadian Syllabics\" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw \"punycode\" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from \"Aspirational Use Scripts\" such as Canadian Syllabics to be mixed with Latin characters in the \"moderately restrictive\" IDN profile. 
We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as \"Limited Use Scripts.\". This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.", title: "Vulnerability description", }, { category: "summary", text: "Mozilla: Domain spoofing with combination of Canadian Syllabics and other unicode blocks (MFSA 2017-16)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", 
"6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7764", }, { category: "external", summary: "RHBZ#1461262", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1461262", }, { category: 
"external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7764", url: "https://www.cve.org/CVERecord?id=CVE-2017-7764", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-7764", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7764", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7764", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7764", }, ], release_date: "2017-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-06-21T04:36:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", 
"6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:1561", }, ], scores: [ { cvss_v3: { 
attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", 
"7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Mozilla: Domain spoofing with combination of Canadian Syllabics and other unicode blocks (MFSA 2017-16)", }, { acknowledgments: [ { names: [ "the Mozilla project", ], }, { names: [ "Holger Fuhrmannek", "Tyson Smith", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-7771", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-06-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1472212", }, ], notes: [ { category: "description", text: "An out of bounds read flaw related to \"graphite2::Pass::readPass\" has been reported in graphite2. 
An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.", title: "Vulnerability description", }, { category: "summary", text: "graphite2: out of bounds read in \"graphite2::Pass::readPass\"", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", 
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7771", }, { category: "external", summary: "RHBZ#1472212", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1472212", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7771", url: "https://www.cve.org/CVERecord?id=CVE-2017-7771", }, { category: "external", summary: 
"https://nvd.nist.gov/vuln/detail/CVE-2017-7771", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7771", }, { category: "external", summary: "https://sourceforge.net/p/silgraphite/mailman/message/35824024/", url: "https://sourceforge.net/p/silgraphite/mailman/message/35824024/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778", }, ], release_date: "2017-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-06-21T04:36:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", 
"6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:1561", }, ], scores: [ { cvss_v3: { 
attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.0", }, products: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", 
"7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "graphite2: out of bounds read in \"graphite2::Pass::readPass\"", }, { acknowledgments: [ { names: [ "the Mozilla project", ], }, { names: [ "Holger Fuhrmannek", "Tyson Smith", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-7772", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2017-06-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1472213", }, ], notes: [ { category: "description", text: "A heap-based buffer overflow flaw related to \"lz4::decompress\" has been reported in graphite2. 
An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "graphite2: heap-buffer-overflow write \"lz4::decompress\" (CVE-2017-7772)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", 
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7772", }, { category: "external", summary: "RHBZ#1472213", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1472213", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7772", url: "https://www.cve.org/CVERecord?id=CVE-2017-7772", }, { category: "external", summary: 
"https://nvd.nist.gov/vuln/detail/CVE-2017-7772", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7772", }, { category: "external", summary: "https://sourceforge.net/p/silgraphite/mailman/message/35824024/", url: "https://sourceforge.net/p/silgraphite/mailman/message/35824024/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778", }, ], release_date: "2017-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-06-21T04:36:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", 
"6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:1561", }, ], scores: [ { cvss_v3: { 
attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", 
"7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "graphite2: heap-buffer-overflow write \"lz4::decompress\" (CVE-2017-7772)", }, { acknowledgments: [ { names: [ "the Mozilla project", ], }, { names: [ "Holger Fuhrmannek", "Tyson Smith", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-7773", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, discovery_date: "2017-06-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1472215", }, ], notes: [ { category: "description", text: "A heap-based buffer overflow flaw related to \"lz4::decompress\" (src/Decompressor) has been reported in graphite2. 
An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "graphite2: heap-buffer-overflow write \"lz4::decompress\" (src/Decompressor)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", 
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7773", }, { category: "external", summary: "RHBZ#1472215", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1472215", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7773", url: "https://www.cve.org/CVERecord?id=CVE-2017-7773", }, { category: "external", summary: 
"https://nvd.nist.gov/vuln/detail/CVE-2017-7773", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7773", }, { category: "external", summary: "https://sourceforge.net/p/silgraphite/mailman/message/35824024/", url: "https://sourceforge.net/p/silgraphite/mailman/message/35824024/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778", }, ], release_date: "2017-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-06-21T04:36:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", 
"6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:1561", }, ], scores: [ { cvss_v3: { 
attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", 
"7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "graphite2: heap-buffer-overflow write \"lz4::decompress\" (src/Decompressor)", }, { acknowledgments: [ { names: [ "the Mozilla project", ], }, { names: [ "Holger Fuhrmannek", "Tyson Smith", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-7774", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-06-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1472219", }, ], notes: [ { category: "description", text: "An out of bounds read flaw related to \"graphite2::Silf::readGraphite\" has been reported in graphite2. 
An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.", title: "Vulnerability description", }, { category: "summary", text: "graphite2: out of bounds read \"graphite2::Silf::readGraphite\"", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", 
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7774", }, { category: "external", summary: "RHBZ#1472219", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1472219", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7774", url: "https://www.cve.org/CVERecord?id=CVE-2017-7774", }, { category: "external", summary: 
"https://nvd.nist.gov/vuln/detail/CVE-2017-7774", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7774", }, { category: "external", summary: "https://sourceforge.net/p/silgraphite/mailman/message/35824024/", url: "https://sourceforge.net/p/silgraphite/mailman/message/35824024/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778", }, ], release_date: "2017-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-06-21T04:36:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", 
"6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:1561", }, ], scores: [ { cvss_v3: { 
attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.0", }, products: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", 
"7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "graphite2: out of bounds read \"graphite2::Silf::readGraphite\"", }, { acknowledgments: [ { names: [ "the Mozilla project", ], }, { names: [ "Holger Fuhrmannek", "Tyson Smith", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-7775", cwe: { id: "CWE-617", name: "Reachable Assertion", }, discovery_date: "2017-06-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1472221", }, ], notes: [ { category: "description", text: "An assertion error has been reported in graphite2. 
An attacker could possibly exploit this flaw to cause an application crash.", title: "Vulnerability description", }, { category: "summary", text: "graphite2: assertion error \"size() > n\"", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", 
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7775", }, { category: "external", summary: "RHBZ#1472221", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1472221", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7775", url: "https://www.cve.org/CVERecord?id=CVE-2017-7775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2017-7775", url: 
"https://nvd.nist.gov/vuln/detail/CVE-2017-7775", }, { category: "external", summary: "https://sourceforge.net/p/silgraphite/mailman/message/35824024/", url: "https://sourceforge.net/p/silgraphite/mailman/message/35824024/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778", }, ], release_date: "2017-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-06-21T04:36:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", 
"6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:1561", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: 
"LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", 
"7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "graphite2: assertion error \"size() > n\"", }, { acknowledgments: [ { names: [ "the Mozilla project", ], }, { names: [ "Holger Fuhrmannek", "Tyson Smith", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-7776", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2017-06-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1472223", }, ], notes: [ { category: "description", text: "An out of bounds read flaw related to \"graphite2::Silf::getClassGlyph\" has been reported in graphite2. 
An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.", title: "Vulnerability description", }, { category: "summary", text: "graphite2: heap-buffer-overflow read \"graphite2::Silf::getClassGlyph\"", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", 
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7776", }, { category: "external", summary: "RHBZ#1472223", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1472223", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7776", url: "https://www.cve.org/CVERecord?id=CVE-2017-7776", }, { category: "external", summary: 
"https://nvd.nist.gov/vuln/detail/CVE-2017-7776", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7776", }, { category: "external", summary: "https://sourceforge.net/p/silgraphite/mailman/message/35824024/", url: "https://sourceforge.net/p/silgraphite/mailman/message/35824024/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778", }, ], release_date: "2017-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-06-21T04:36:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", 
"6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:1561", }, ], scores: [ { cvss_v3: { 
attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.0", }, products: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", 
"7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "graphite2: heap-buffer-overflow read \"graphite2::Silf::getClassGlyph\"", }, { acknowledgments: [ { names: [ "the Mozilla project", ], }, { names: [ "Holger Fuhrmannek", "Tyson Smith", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-7777", cwe: { id: "CWE-456", name: "Missing Initialization of a Variable", }, discovery_date: "2017-06-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1472225", }, ], notes: [ { category: "description", text: "The use of uninitialized memory related to \"graphite2::GlyphCache::Loader::read_glyph\" has been reported in graphite2. 
An attacker could possibly exploit this flaw to negatively impact the execution of an application using graphite2 in unknown ways.", title: "Vulnerability description", }, { category: "summary", text: "graphite2: use of uninitialized memory \"graphite2::GlyphCache::Loader::read_glyph\"", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", 
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7777", }, { category: "external", summary: "RHBZ#1472225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1472225", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7777", url: "https://www.cve.org/CVERecord?id=CVE-2017-7777", }, { category: "external", summary: 
"https://nvd.nist.gov/vuln/detail/CVE-2017-7777", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7777", }, { category: "external", summary: "https://sourceforge.net/p/silgraphite/mailman/message/35824024/", url: "https://sourceforge.net/p/silgraphite/mailman/message/35824024/", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778", }, ], release_date: "2017-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-06-21T04:36:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", 
"6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:1561", }, ], scores: [ { cvss_v3: { 
attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", 
"7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "graphite2: use of uninitialized memory \"graphite2::GlyphCache::Loader::read_glyph\"", }, { acknowledgments: [ { names: [ "the Mozilla project", ], }, { names: [ "Holger Fuhrmannek", "Tyson Smith", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2017-7778", discovery_date: "2017-06-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1461260", }, ], notes: [ { category: "description", text: "A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. 
These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.", title: "Vulnerability description", }, { category: "summary", text: "Mozilla: Vulnerabilities in the Graphite 2 library (MFSA 2017-16)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", 
"6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2017-7778", }, { category: "external", summary: "RHBZ#1461260", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1461260", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2017-7778", url: "https://www.cve.org/CVERecord?id=CVE-2017-7778", }, { category: "external", summary: 
"https://nvd.nist.gov/vuln/detail/CVE-2017-7778", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7778", }, { category: "external", summary: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778", url: "https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778", }, ], release_date: "2017-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2017-06-21T04:36:28+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.", product_ids: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", 
"6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2017:1561", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Client-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Client-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Server-optional-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Server-optional-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.src", "6Workstation-6.9.z:thunderbird-0:52.2.0-1.el6_9.x86_64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.i686", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.ppc64", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.s390x", "6Workstation-6.9.z:thunderbird-debuginfo-0:52.2.0-1.el6_9.x86_64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", 
"7Client-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Client-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Server-optional-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Server-optional-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.src", "7Workstation-7.3.Z:thunderbird-0:52.2.0-1.el7_3.x86_64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.aarch64", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.ppc64le", "7Workstation-7.3.Z:thunderbird-debuginfo-0:52.2.0-1.el7_3.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Mozilla: Vulnerabilities in the Graphite 2 library (MFSA 2017-16)", }, ], }