CVE-2016-9893

Published: 13 December 2016

Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (released 50.1.0)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (50.1.0+build2-0ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [50.1.0+build2-0ubuntu0.14.04.1])
thunderbird
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus)
Released (1:45.7.0+build1-0ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1:45.7.0+build1-0ubuntu0.14.04.1])