Bug 702638 (CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, MFSA-2019-37) - <www-client/{firefox,thunderbird}{,-bin}-68.3.0: multiple vulnerabilities (MFSA-2019-{37,38})
Status: RESOLVED FIXED
Alias: CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, MFSA-2019-37
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: https://www.mozilla.org/en-US/securit...
Whiteboard: A2 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-12-13 01:20 UTC by GLSAMaker/CVETool Bot
Modified: 2020-03-14 16:04 UTC

See Also:
Package list:
www-client/firefox-68.3.0 mail-client/thunderbird-68.3.0 amd64 x86
Runtime testing required: ---
stable-bot: sanity-check+


Description GLSAMaker/CVETool Bot gentoo-dev 2019-12-13 01:20:32 UTC
CVE-2019-17008 (https://nvd.nist.gov/vuln/detail/CVE-2019-17008):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-11745 (https://nvd.nist.gov/vuln/detail/CVE-2019-11745):
  Out-of-bounds write when passing an output buffer smaller than the block
  size to NSC_EncryptUpdate.

CVE-2019-17010 (https://nvd.nist.gov/vuln/detail/CVE-2019-17010):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-17005 (https://nvd.nist.gov/vuln/detail/CVE-2019-17005):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-17011 (https://nvd.nist.gov/vuln/detail/CVE-2019-17011):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-17012 (https://nvd.nist.gov/vuln/detail/CVE-2019-17012):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2019-12-13 01:22:52 UTC
CVE-2019-17008: Use-after-free in worker destruction

Impact
    high

Description

When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash.


CVE-2019-17010: Use-after-free when performing device orientation checks

Impact
    moderate

Description

Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash.


CVE-2019-17005: Buffer overflow in plain text serializer

Impact
    moderate

Description

The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash.


CVE-2019-17011: Use-after-free when retrieving a document in antitracking

Impact
    moderate

Description

Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash.


CVE-2019-17012: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3

Impact
    high

Description

Memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2019-12-13 01:25:12 UTC
Adding mail-client/thunderbird which is sharing all CVEs.
Comment 3 Agostino Sarubbo gentoo-dev 2019-12-13 12:54:36 UTC
amd64 stable
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2019-12-14 21:52:59 UTC
x86 stable
Comment 5 Larry the Git Cow gentoo-dev 2019-12-22 22:07:25 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16f135f15a3c7a0bd717e145fc59f19d0541660b

commit 16f135f15a3c7a0bd717e145fc59f19d0541660b
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-12-22 22:06:45 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-12-22 22:07:17 +0000

    mail-client/thunderbird-bin: security cleanup
    
    Bug: https://bugs.gentoo.org/702638
    Package-Manager: Portage-2.3.82, Repoman-2.3.20
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 mail-client/thunderbird-bin/Manifest               |  55 -------
 .../thunderbird-bin/thunderbird-bin-68.2.2.ebuild  | 182 ---------------------
 2 files changed, 237 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=daebd5310d5939867d0a1457c9253850ceb14631

commit daebd5310d5939867d0a1457c9253850ceb14631
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-12-22 22:03:33 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-12-22 22:07:15 +0000

    mail-client/thunderbird: security cleanup
    
    Bug: https://bugs.gentoo.org/702638
    Package-Manager: Portage-2.3.82, Repoman-2.3.20
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 mail-client/thunderbird/Manifest                  | 108 ---
 mail-client/thunderbird/thunderbird-68.2.2.ebuild | 778 ---------------------
 mail-client/thunderbird/thunderbird-68.3.0.ebuild | 779 ----------------------
 3 files changed, 1665 deletions(-)
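
Review bot: the diffstat for mail-client/thunderbird deletes thunderbird-68.3.0.ebuild along with thunderbird-68.2.2.ebuild, yet this bug's title gives 68.3.0 as the first unaffected version (<...-68.3.0). The commit message should name the version that stays in the tree, so the cleanup can be checked against the bug and users on 68.3.0 have a documented upgrade target. Nothing in the visible stat shows which ebuild remains.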
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2019-12-28 01:21:09 UTC
arm64 stable
Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-12 18:50:26 UTC
Added to an existing GLSA.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2020-03-12 19:14:44 UTC
This issue was resolved and addressed in
 GLSA 202003-02 at https://security.gentoo.org/glsa/202003-02
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-12 19:15:53 UTC
Re-opening for Thunderbird.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2020-03-14 16:04:06 UTC
This issue was resolved and addressed in
 GLSA 202003-10 at https://security.gentoo.org/glsa/202003-10
by GLSA coordinator Thomas Deutschmann (whissi).