Multiple vulnerabilities in Mozilla Thunderbird could allow an unauthenticated, remote attacker to execute arbitrary code, bypass security restrictions, spoof email addresses, access sensitive information, or cause a denial of service (DoS) condition on an affected system.
This update addresses five vulnerabilities that exist in various components and features of the affected software. An attacker could exploit these vulnerabilities by persuading a user to open a malicious web page using the affected software. A successful exploit could allow the attacker to execute arbitrary code, bypass security restrictions, spoof email addresses, access sensitive information, or cause a DoS condition.
The following Mozilla products are vulnerable:
- Thunderbird prior to version 52.5.2
Administrators are advised to apply the appropriate updates.
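To identify hosts that still need the update, reported versions can be compared numerically against the fixed release named above. The following shell script is an added example, not part of the Mozilla or vendor advisories; the function names are hypothetical, and the host names and version banners in the sample inventory are constructed.

```shell
#!/bin/sh
# Added example (not vendor code): flag Thunderbird builds older than the fix.
FIXED="52.5.2"   # first fixed version, taken from the advisory text

# Return 0 when dotted version $1 is numerically lower than $2.
# Components are compared as integers, so 52.10.0 is newer than 52.5.2.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0   # missing components count as 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1                               # equal versions are not lower
    }' </dev/null
}

# Pull the dotted version out of a banner such as "Thunderbird 52.5.0".
extract_version() {
    printf '%s\n' "$1" |
        awk 'match($0, /[0-9]+(\.[0-9]+)+/) { print substr($0, RSTART, RLENGTH) }'
}

# Read "host banner" lines on stdin; print hosts that are below FIXED,
# and hosts whose banner carries no parsable version so they get checked by hand.
vulnerable_hosts() {
    while read -r host banner; do
        [ -n "$host" ] || continue
        ver=$(extract_version "$banner")
        if [ -z "$ver" ]; then
            echo "$host unknown"
        elif version_lt "$ver" "$FIXED"; then
            echo "$host $ver"
        fi
    done
}

# Constructed sample inventory: host names and banners are made up.
SAMPLE='ws-01 Thunderbird 52.5.0
ws-02 Thunderbird 52.5.2
ws-03 Thunderbird 52.10.0
ws-04 Thunderbird 45.8.0
ws-05 thunderbird: command not found'

printf '%s\n' "$SAMPLE" | vulnerable_hosts
```

Hosts at or above the fixed version produce no output; a host reported as `unknown` needs a manual check rather than being assumed patched.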
Administrators are advised to allow only trusted users to have network access.
Users are advised not to open email messages from suspicious or unrecognized sources. If users cannot verify that the links or attachments included in email messages are safe, they are advised not to open them.
Administrators are advised to monitor affected systems.
Mozilla has released security advisories at the following link: mfsa2017-30
Mozilla has released software updates at the following link: Thunderbird version 52.5.2
CentOS packages can be updated using the up2date or yum commands.
FreeBSD has released a VuXML document at the following link: mozilla -- multiple vulnerabilities
FreeBSD has released ports collection updates at the following link: Ports Collection Index
Red Hat has released multiple CVE statements and a security advisory for multiple bugs at the following links: CVE-2017-7829, CVE-2017-7846, CVE-2017-7847, CVE-2017-7848, and RHSA-2018-0061
Red Hat has released updated software for registered subscribers at the following link: Red Hat Network. Red Hat packages can be updated on Red Hat Enterprise Linux versions 5 and later by using the yum tool.