As per upstream advisory: An out of bounds write while processing vorbis audio data was reported through the Pwn2Own contest.
External References: https://www.mozilla.org/en-US/security/advisories/mfsa2018-08
This issue is now public via upstream advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
*** Bug 1557113 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2018:0549 https://access.redhat.com/errata/RHSA-2018:0549
Created mozjs45 tracking bugs for this issue: Affects: fedora-all [bug 1558176] Created mozjs38 tracking bugs for this issue: Affects: fedora-all [bug 1558177] Created thunderbird tracking bugs for this issue: Affects: fedora-all [bug 1558173] Created mingw-libvorbis tracking bugs for this issue: Affects: fedora-all [bug 1558174] Created libvorbis tracking bugs for this issue: Affects: fedora-all [bug 1558170] Created xulrunner tracking bugs for this issue: Affects: fedora-26 [bug 1558172] Created mingw-libvorbis tracking bugs for this issue: Affects: epel-7 [bug 1558171] Created mozjs38 tracking bugs for this issue: Affects: epel-7 [bug 1558175]
It appears that mozjs does not build vorbis support.
Acknowledgments: Name: the Mozilla project Upstream: Richard Zhu via Trend Micro's Zero Day Initiative
Upstream patch (libvorbis): https://git.xiph.org/?p=vorbis.git;a=commit;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f
Thunderbird 52.7 ESR includes this fix.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:0649 https://access.redhat.com/errata/RHSA-2018:0649
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:0648 https://access.redhat.com/errata/RHSA-2018:0648
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:0647 https://access.redhat.com/errata/RHSA-2018:0647
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:1058 https://access.redhat.com/errata/RHSA-2018:1058
Statement: Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. The affected code is present in esc and xulrunner, however esc has no support for audio, and xulrunner is limited to using only local content that an attacker can not control. These components are not impacted by this vulnerability.