Adding Thunderbird 38.3 advisories
This commit is contained in:
Al Billings
Родитель
29f15a774b
Коммит
fbffdecb01
|
|
@ -3,6 +3,7 @@ announced: September 22, 2015
|
|||
fixed_in:
|
||||
- Firefox 41
|
||||
- Firefox ESR 38.3
|
||||
- Thunderbird 38.3
|
||||
impact: High
|
||||
reporter: Holger Fuhrmannek
|
||||
title: Arbitrary file manipulation by local user through Mozilla updater
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ announced: September 22, 2015
|
|||
fixed_in:
|
||||
- Firefox 41
|
||||
- Firefox ESR 38.3
|
||||
- Thunderbird 38.3
|
||||
- SeaMonkey 2.38
|
||||
impact: Moderate
|
||||
reporter: Khalil Zhani
|
||||
|
|
@ -16,6 +17,10 @@ vp9 format video could be used to trigger a buffer overflow while parsing the fi
|
|||
leads to a potentially exploitable crash due to a flaw in the libvpx library.
|
||||
</p>
|
||||
|
||||
<p class="note">In general this flaw cannot be exploited through email in the
|
||||
Thunderbird product because scripting is disabled, but is potentially a risk in
|
||||
browser or browser-like contexts.</p>
|
||||
|
||||
<h3>References</h3>
|
||||
|
||||
<ul>
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ announced: September 22, 2015
|
|||
fixed_in:
|
||||
- Firefox 41
|
||||
- Firefox ESR 38.3
|
||||
- Thunderbird 38.3
|
||||
- SeaMonkey 2.38
|
||||
impact: High
|
||||
reporter: Atte Kettunen
|
||||
|
|
@ -17,6 +18,10 @@ format video with maliciously formatted headers. This leads to a potentially exp
|
|||
crash.
|
||||
</p>
|
||||
|
||||
<p class="note">In general this flaw cannot be exploited through email in the
|
||||
Thunderbird product because scripting is disabled, but is potentially a risk in
|
||||
browser or browser-like contexts.</p>
|
||||
|
||||
<h3>References</h3>
|
||||
|
||||
<ul>
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ announced: September 22, 2015
|
|||
fixed_in:
|
||||
- Firefox 41
|
||||
- Firefox ESR 38.3
|
||||
- Thunderbird 38.3
|
||||
- SeaMonkey 2.38
|
||||
impact: Critical
|
||||
reporter: Anonymous
|
||||
|
|
@ -16,6 +17,10 @@ vulnerability with HTML media elements on a page during script manipulation of t
|
|||
table of these elements. This results in a potentially exploitable crash.
|
||||
</p>
|
||||
|
||||
<p class="note">In general this flaw cannot be exploited through email in the
|
||||
Thunderbird product because scripting is disabled, but is potentially a risk in
|
||||
browser or browser-like contexts.</p>
|
||||
|
||||
<h3>References</h3>
|
||||
|
||||
<ul>
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ announced: September 22, 2015
|
|||
fixed_in:
|
||||
- Firefox 41
|
||||
- Firefox ESR 38.3
|
||||
- Thunderbird 38.3
|
||||
- SeaMonkey 2.38
|
||||
impact: Moderate
|
||||
reporter: Mario Gomes
|
||||
|
|
@ -19,6 +20,10 @@ href="https://fetch.spec.whatwg.org/">Fetch specification's</a> defined behavior
|
|||
APIs. This can allow for information leakage.
|
||||
</p>
|
||||
|
||||
<p class="note">In general this flaw cannot be exploited through email in the
|
||||
Thunderbird product because scripting is disabled, but is potentially a risk in
|
||||
browser or browser-like contexts.</p>
|
||||
|
||||
<h3>References</h3>
|
||||
|
||||
<ul>
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ announced: September 22, 2015
|
|||
fixed_in:
|
||||
- Firefox 41
|
||||
- Firefox ESR 38.3
|
||||
- Thunderbird 38.3
|
||||
- SeaMonkey 2.38
|
||||
impact: High
|
||||
reporter: Ehsan Akhgari
|
||||
|
|
@ -23,6 +24,10 @@ system will see the previously cached request as applicable.</p>
|
|||
CORS responses, the values from different <code>Access-Control-</code> headers can be used
|
||||
that present in the same response. </p>
|
||||
|
||||
<p class="note">In general this flaw cannot be exploited through email in the
|
||||
Thunderbird product because scripting is disabled, but is potentially a risk in
|
||||
browser or browser-like contexts.</p>
|
||||
|
||||
<h3>References</h3>
|
||||
|
||||
<ul>
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ announced: September 22, 2015
|
|||
fixed_in:
|
||||
- Firefox 41
|
||||
- Firefox ESR 38.3
|
||||
- Thunderbird 38.3
|
||||
- SeaMonkey 2.38
|
||||
impact: High
|
||||
reporter: Ronald Crane
|
||||
|
|
@ -20,6 +21,10 @@ exploited through web content but are vulnerable if a mechanism can be found to
|
|||
them.
|
||||
</p>
|
||||
|
||||
<p class="note">In general this flaw cannot be exploited through email in the
|
||||
Thunderbird product because scripting is disabled, but is potentially a risk in
|
||||
browser or browser-like contexts.</p>
|
||||
|
||||
<h3>References</h3>
|
||||
|
||||
<ul>
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ announced: September 22, 2015
|
|||
fixed_in:
|
||||
- Firefox 41
|
||||
- Firefox ESR 38.3
|
||||
- Thunderbird 38.3
|
||||
- SeaMonkey 2.38
|
||||
impact: Critical
|
||||
reporter: Ronald Crane
|
||||
|
|
@ -24,6 +25,10 @@ crash.
|
|||
systems.
|
||||
</p>
|
||||
|
||||
<p class="note">In general this flaw cannot be exploited through email in the
|
||||
Thunderbird product because scripting is disabled, but is potentially a risk in
|
||||
browser or browser-like contexts.</p>
|
||||
|
||||
<h3>References</h3>
|
||||
|
||||
<ul>
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ fixed_in:
|
|||
- Firefox 41
|
||||
- Firefox ESR 38.3
|
||||
- SeaMonkey 2.38
|
||||
- Thunderbird 38.3
|
||||
impact: Critical
|
||||
reporter: Mozilla Developers
|
||||
title: Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче