thunderbird-68.4.1-2.AXS4
エラータID: AXSA:2020-4431:01
リリース日:
2020/01/21 Tuesday - 03:53
題名:
thunderbird-68.4.1-2.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
- Thunderbirdには、 タグをクリップボードからリッチテキストエディタに
ペーストする際に、CSS サニタイザが誤って @namespace ルールを上書きしてしまい、
ウェブサイトにインジェクションを行い、データ抽出が可能な脆弱性があります。
(CVE-2019-17016)
- Thunderbirdには、オブジェクトタイプを処理する型がないため、型の取り違えが生じ、
その結果クラッシュを引き起こし、困難ではあるものの任意のコードの実行が可能な脆弱性が
あります。(CVE-2019-17017)
- Thunderbirdには、 タグをクリップボードからリッチテキストエディタに
ペーストする際に、CSS サニタイザが "<" と ">" の文字をエスケープしてお
らず、ウェブページが他の innerHTML へ割り当てるノードの innerHTML をコ
ピーすると、クロスサイトスクリプト (XSS) 脆弱性が生じる脆弱性がありま
す。(CVE-2019-17022)
- Thunderbirdには、メモリ安全性のバグが存在し、これらのバグのいくつかには
メモリ破壊を行い、困難ではあるものの任意のコードを実行する可能性の
ある脆弱性があります。(CVE-2019-17024)
- Thunderbirdには、配列の要素の設定に不正なエイリアス情報があるため、型の取り違え
が起こる脆弱性があります。(CVE-2019-17026)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2019-17016
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
CVE-2019-17017
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
CVE-2019-17022
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
CVE-2019-17024
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
CVE-2019-17026
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
追加情報:
N/A
ダウンロード:
SRPMS
- thunderbird-68.4.1-2.AXS4.src.rpm
MD5: ce21b29ababc1f23d2a902d8a2f775fa
SHA-256: 4c60ba6a7b0adb36a06b737656a922764e77a7561c2eb73ced1220f9cfb0e11f
Size: 516.87 MB
Asianux Server 4 for x86
- thunderbird-68.4.1-2.AXS4.i686.rpm
MD5: efd59a256b5cac908ac87ae948ea3b06
SHA-256: 87c27606f2787ac6591c028ab8a633f5ea0a6f2329244501d701c642cdd88e76
Size: 109.43 MB
Asianux Server 4 for x86_64
- thunderbird-68.4.1-2.AXS4.x86_64.rpm
MD5: 5282a361c4ae44fe34e4c0ed38d42dd1
SHA-256: 8a7f391d0b5d92258eb5c94d657eaf61ec6cd5c161cd1377990342bb70a1c6f5
Size: 109.15 MB
English