Opened 2 years ago

Closed 23 months ago

#12465 closed enhancement (fixed)

seamonkey-2.49.5

Reported by: Bruce Dubbs Owned by: Bruce Dubbs
Priority: highest Milestone: 9.1
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (4)

comment:1 by Bruce Dubbs, 23 months ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:2 by Bruce Dubbs, 23 months ago

For SeaMonkey 2.49.5, the following extensions which were omitted from previous releases are again included.

  • ChatZilla
  • DOM Inspector
  • Lightning

What's New in SeaMonkey 2.49.5

SeaMonkey 2.49.5 contains (among other changes) the following major changes relative to SeaMonkey 2.49.4:

SeaMonkey 2.49.5 uses the same backend as Firefox and contains the relevant Firefox 52.9.0 ESR security fixes.

SeaMonkey 2.49.5 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 52.9.1 release notes for specific changes and security fixes in this release.

Additional security fixes up to ESR 60.2 and a few enhancements have been backported. SeaMonkey-specific changes

Among the general platform and mail fixes this release contains backported fixes from Thunderbird for the EFAIL security vulnerability.

SeaMonkey now uses gtk3 on Linux. If you experience a problem because of this please file a bug

and link it to Switch Linux builds to GTK3 with SeaMonkey 2.49. Pleae try another OS theme first. Some of them are buggy and cause problems with SeaMonkey, Thunderbird and Firefox.

comment:3 by Douglas R. Reno, 23 months ago

Priority: normalhighest

First, here's the Thunderbird release notes that it mentions:

What’s New

    changed

    Thunderbird will now prompt to compact IMAP folders even if the account is online. Note: Under certain circumstances an incorrect estimate of the expected gain is shown.
    fixed

    Complete fix of the EFAIL vulnerability: 1) Removing some HTML crafted to carry out an attack. 2) Optionally: Not decrypting subordinate message parts that otherwise might reveal decrypted content to the attacker. Preference mailnews.p7m_subparts_external needs to be set to true for added security.
    fixed

    Various problems when forwarding messages inline when using "simple" HTML view
    fixed

    Deleting or detaching attachments corrupted messages under certain circumstances (not working only in Thunderbird version 52.9.0)
    fixed

    Various security fixes

Here are the security fixes for Thunderbird:

Mozilla Foundation Security Advisory 2018-18
Security vulnerabilities fixed in Thunderbird 52.9

Announced
    July 3, 2018
Impact
    critical
Products
    Thunderbird
Fixed in

        Thunderbird 52.9

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.
#CVE-2018-12359: Buffer overflow using computed size of canvas element

Reporter
    Nils
Impact
    critical

Description

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the <canvas> element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash.
References

    Bug 1459162

#CVE-2018-12360: Use-after-free when using focus()

Reporter
    Nils
Impact
    critical

Description

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash.
References

    Bug 1459693

#CVE-2018-12372: S/MIME and PGP decryption oracles can be built with HTML emails

Reporter
    Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Jörg Schwenk
Impact
    high

Description

Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward.
References

    Bug 1419417

#CVE-2018-12373: S/MIME plaintext can be leaked through HTML reply/forward

Reporter
    Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, Jörg Schwenk
Impact
    high

Description

dDecrypted S/MIME parts hidden with CSS or <plaintext> can leak plaintext when included in a HTML reply/forward.
References

    CVE-2018-12373
    Suppress <plaintext> in email messages

#CVE-2018-12362: Integer overflow in SSSE3 scaler

Reporter
    F. Alonso (revskills)
Impact
    high

Description

An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash.
References

    Bug 1452375

#CVE-2018-12363: Use-after-free when appending DOM nodes

Reporter
    Nils
Impact
    high

Description

A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash.
References

    Bug 1464784

#CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins

Reporter
    David Black
Impact
    high

Description

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks.
References

    Bug 1436241

#CVE-2018-12365: Compromised IPC child process can list local filenames

Reporter
    Alex Gaynor
Impact
    moderate

Description

A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files.
References

    Bug 1459206

#CVE-2018-12366: Invalid data handling during QCMS transformations

Reporter
    OSS-Fuzz
Impact
    moderate

Description

An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output.
References

    Bug 1464039

#CVE-2018-12368: No warning when opening executable SettingContent-ms files

Reporter
    Abdulrahman Alqabandi
Impact
    moderate

Description

Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems
Note: this issue only affects Windows operating systems. Other operating systems are unaffected.
References

    Bug 1468217
    The Tale of SettingContent-ms Files

#CVE-2018-12374: Using form to exfiltrate encrypted mail part by pressing enter in form field

Reporter
    Hanno Boeck
Impact
    low

Description

Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field.
References

    Bug 1462910

#CVE-2018-5188: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 52.9

Reporter
    Mozilla developers and community
Impact
    critical

Description

Mozilla developers and community members Alex Gaynor, Christoph Diehl, Christian Holler, Jason Kratzer, David Major, Jon Coppeard, Nicolas B. Pierron, Jason Kratzer, Marcia Knous, and Ronald Crane reported memory safety bugs present in Firefox 60, Firefox ESR 60, Firefox ESR 52.8, and Thunderbird 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 52.9

Now Firefox:

Mozilla Foundation Security Advisory 2018-17
Security vulnerabilities fixed in Firefox ESR 52.9

Announced
    June 26, 2018
Impact
    critical
Products
    Firefox ESR
Fixed in

        Firefox ESR 52.9

#CVE-2018-12359: Buffer overflow using computed size of canvas element

Reporter
    Nils
Impact
    critical

Description

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the <canvas> element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash.
References

    Bug 1459162

#CVE-2018-12360: Use-after-free when using focus()

Reporter
    Nils
Impact
    critical

Description

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash.
References

    Bug 1459693

#CVE-2018-12362: Integer overflow in SSSE3 scaler

Reporter
    F. Alonso (revskills)
Impact
    high

Description

An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash.
References

    Bug 1452375

#CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture

Reporter
    Nils
Impact
    high

Description

A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occuring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash.
References

    Bug 1453127

#CVE-2018-12363: Use-after-free when appending DOM nodes

Reporter
    Nils
Impact
    high

Description

A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash.
References

    Bug 1464784

#CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins

Reporter
    David Black
Impact
    high

Description

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks.
References

    Bug 1436241

#CVE-2018-12365: Compromised IPC child process can list local filenames

Reporter
    Alex Gaynor
Impact
    moderate

Description

A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files.
References

    Bug 1459206

#CVE-2018-12366: Invalid data handling during QCMS transformations

Reporter
    OSS-Fuzz
Impact
    moderate

Description

An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output.
References

    Bug 1464039

#CVE-2018-12368: No warning when opening executable SettingContent-ms files

Reporter
    Abdulrahman Alqabandi
Impact
    moderate

Description

Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems
Note: this issue only affects Windows operating systems. Other operating systems are unaffected.
References

    Bug 1468217
    The Tale of SettingContent-ms Files

#CVE-2018-5188: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9

Reporter
    Mozilla developers and community
Impact
    critical

Description

Mozilla developers and community members Alex Gaynor, Christoph Diehl, Christian Holler, Jason Kratzer, David Major, Jon Coppeard, Nicolas B. Pierron, Jason Kratzer, Marcia Knous, and Ronald Crane reported memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9

comment:4 by Bruce Dubbs, 23 months ago

Resolution: fixed
Status: assignedclosed

Fixed at revision 22100.

Note: See TracTickets for help on using tickets.