Opened 5 years ago

Closed 5 years ago

#11608 closed enhancement (fixed)


Reported by: Douglas R. Reno Owned by: Douglas R. Reno
Priority: high Milestone: 8.4
Component: BOOK Version: SVN
Severity: normal Keywords:


New minor version

Security release

Change History (7)

comment:1 by Douglas R. Reno, 5 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 5 years ago

Priority: normalhigh

These seem to be similar vulnerabilities to Firefox, including remotely exploitable:

#CVE-2018-18500: Use-after-free parsing HTML5 stream

    Yaniv Frank with SophosLabs


A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash.

    Bug 1510114

#CVE-2018-18505: Privilege escalation through IPC channel messages

    Jed Davis


An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process.

    Bug 1497749

#CVE-2016-5824: DoS (use-after-free) via a crafted ics file

    Brandon Perry


A vulnerability in the Libical libary used by Thunderbird can allow remote attackers to cause a denial of service (use-after-free) via a crafted ICS calendar file.

    Bug 1275400

#CVE-2018-18501: Memory safety bugs fixed in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5

    Mozilla developers and community


Mozilla developers and community members Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, and Christian Holler reported memory safety bugs present in Firefox 64, Firefox ESR 60.4, and Thunderbird 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

    Memory safety bugs fixed in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5

I'm calling this a critical update, and will work on it and Node.JS overnight. They'll be in by the end of tomorrow at the latest.

comment:3 by Douglas R. Reno, 5 years ago

Thunderbird 60.5.0 changes:

Thunderbird Release Notes
Version 60.5.0, first offered to channel users on January 29, 2019

Check out "What’s New" and "Known Issues" for this version of Thunderbird below. As always, you’re encouraged to tell us what you think, or file a bug in Bugzilla. If interested, please see the complete list of changes in this release.

If you have installed Lightning, Thunderbird's Calendar add-on, it will automatically be updated to match the new version of Thunderbird. Refer to this Calendar troubleshooting article in case of problems.

System Requirements: • Window: Windows 7, Windows Server 2008 R2 or later • Mac: Mac OS X 10.9 or later • Linux: GTK+ 3.4 or higher. Details here.

Please refer to Release Notes for version 60.0 to see the list of improvements and fixed issues.

What’s New


    FileLink provider WeTransfer to upload large attachments

    Thunderbird now allows the addition of OpenSearch search engines from a local XML file using a minimal user inferface: [+] button to select a file an add, [-] to remove.

    More search engines: Google and DuckDuckGo available by default in some locales

    During account creation, Thunderbird will now detect servers using the Microsoft Exchange protocol. It will offer the installation of a 3rd party add-on (Owl) which supports that protocol.

    Thunderbird now compatible with other WebExtension-based FileLink add-ons like the Dropbox add-on

    Crash when using custom sound for new email notification

    WebExtension-based dictionaries from not working in Thunderbird

    Calendar: Printing of calendars not working

    Various security fixes

Known Issues


    Due to changes in the Mozilla platform profiles stored on Windows network shares addressed via drive letters are now addressed via UNC

    CalDav access to some servers not working. Workaround: Set preference network.cookie.same-site.enabled to false.

    Chat: Twitter not working due to API changes at

comment:4 by Douglas R. Reno, 5 years ago

Heads up guys, I'm having some issues with the build process on this one, after say about 27 minutes of compiling at -j4. I get either an ICE or I run out of memory. I need an extra day or two more to figure this out, and then it'll be in.

comment:5 by Douglas R. Reno, 5 years ago

253:42.61     INPUT("../../media/mtransport/third_party/nICEr/nicer_nicer/stun_proc.o")
253:42.61     INPUT("../../media/mtransport/third_party/nICEr/nicer_nicer/stun_server_ctx.o")
253:42.61     INPUT("../../media/mtransport/third_party/nICEr/nicer_nicer/stun_util.o")
253:42.61     INPUT("../../media/mtransport/third_party/nICEr/nicer_nicer/turn_client_ctx.o")
253:42.61     INPUT("../../media/mtransport/third_party/nICEr/nicer_nicer/cb_args.o")
253:42.61     INPUT("../../media/mtransport/third_party/nICEr/nicer_nicer/ice_util.o")
253:42.61     INPUT("../../media/mtransport/third_party/nICEr/nicer_nicer/Unified_c_third_party_nICEr0.o")
253:42.61     INPUT("../../media/mtransport/third_party/nrappkit/nrappkit_nrappkit/r_log.o")
253:42.61     INPUT("../../media/mtransport/third_party/nrappkit/nrappkit_nrappkit/byteorder.o")
253:42.61     INPUT("../../media/mtransport/third_party/nrappkit/nrappkit_nrappkit/hex.o")
253:42.61     INPUT("../../media/mtransport/third_party/nrappkit/nrappkit_nrappkit/debug.o")
253:42.61     INPUT("../../media/mtransport/third_party/nrappkit/nrappkit_nrappkit/r_assoc.o")
253:42.61     INPUT("../../media/mtransport/third_party/nrappkit/nrappkit_nrappkit/r_crc32.o")
253:42.61     INPUT("../../media/mtransport/third_party/nrappkit/nrappkit_nrappkit/r_data.o")
253:42.61     INPUT("../../media/mtransport/third_party/nrappkit/nrappkit_nrappkit/r_errors.o")
253:42.61     INPUT("../../media/mtransport/third_party/nrappkit/nrappkit_nrappkit/r_list.o")
253:42.61     INPUT("../../media/mtransport/third_party/nrappkit/nrappkit_nrappkit/r_memory.o")
253:42.61     INPUT("../../media/mtransport/third_party/nrappkit/nrappkit_nrappkit/r_replace.o")
253:42.61     INPUT("../../media/mtransport/third_party/nrappkit/nrappkit_nrappkit/r_time.o")
253:42.61     INPUT("../../media/mtransport/third_party/nrappkit/nrappkit_nrappkit/p_buf.o")
253:42.61     INPUT("../../media/mtransport/third_party/nrappkit/nrappkit_nrappkit/util.o")
253:42.61     INPUT("../../media/mtransport/third_party/nrappkit/nrappkit_nrappkit/Unified_c_nrappkit0.o")
253:42.61     INPUT("../../media/psshparser/Unified_cpp_media_psshparser0.o")
253:42.61     INPUT("StaticXULComponentsEnd/StaticXULComponentsEnd.o")
253:42.61 collect2: fatal error: ld terminated with signal 9 [Killed]
253:42.61 compilation terminated.
253:42.61 /usr/bin/ld: error: is too large (0x3fae7656 bytes)
253:42.61 make[4]: *** [/sources/thunderbird-60.5.0/thunderbird-60.5.0/config/] Error 1
253:42.61 make[4]: *** Deleting file ''
253:42.61 make[4]: Leaving directory '/sources/thunderbird-60.5.0/thunderbird-60.5.0/obj-x86_64-pc-linux-gnu/toolkit/library'
253:42.61 make[3]: *** [/sources/thunderbird-60.5.0/thunderbird-60.5.0/config/ toolkit/library/target] Error 2
253:42.61 make[3]: Leaving directory '/sources/thunderbird-60.5.0/thunderbird-60.5.0/obj-x86_64-pc-linux-gnu'
253:42.61 make[2]: *** [/sources/thunderbird-60.5.0/thunderbird-60.5.0/config/ compile] Error 2
253:42.61 make[2]: Leaving directory '/sources/thunderbird-60.5.0/thunderbird-60.5.0/obj-x86_64-pc-linux-gnu'
253:42.61 make[1]: *** [/sources/thunderbird-60.5.0/thunderbird-60.5.0/config/ default] Error 2
253:42.61 make[1]: Leaving directory '/sources/thunderbird-60.5.0/thunderbird-60.5.0/obj-x86_64-pc-linux-gnu'
253:42.61 make: *** [ build] Error 2
253:42.66 549 compiler warnings present.
253:43.49 /usr/bin/notify-send --app-name=Mozilla Build System Mozilla Build System Build failed

Going to give it another whirl. The whole reason why it's running this slow is that my system lost its lunch when I tried to build it for myself. At -j4, it's 31 SBU.

Going to continue to investigate, but I figured I'd show what I'm talking about.

comment:6 by Douglas R. Reno, 5 years ago

Alright, I'm committing this now.

I managed to figure out my problem.

comment:7 by Douglas R. Reno, 5 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r21087

Note: See TracTickets for help on using tickets.