1
PublicDateAtUSN: 2017-04-20
2
Candidate: CVE-2017-5438
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5438
6
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5438
7
https://usn.ubuntu.com/usn/usn-3260-1
8
https://usn.ubuntu.com/usn/usn-3278-1
10
A use-after-free vulnerability during XSLT processing due to the result
11
handler being held by a freed handler during handling. This results in a
12
potentially exploitable crash. This vulnerability affects Thunderbird <
13
52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
19
Assigned-to: chrisccoulson
22
upstream_firefox: released (53.0)
23
precise_firefox: ignored
24
precise/esm_firefox: DNE (precise was ignored)
25
trusty_firefox: released (53.0+build6-0ubuntu0.14.04.1)
26
vivid/ubuntu-core_firefox: DNE
27
vivid/stable-phone-overlay_firefox: DNE
28
xenial_firefox: released (53.0+build6-0ubuntu0.16.04.1)
29
yakkety_firefox: released (53.0+build6-0ubuntu0.16.10.1)
30
zesty_firefox: released (53.0+build6-0ubuntu0.17.04.1)
31
devel_firefox: released (54.0+build3-0ubuntu1)
34
Priority_thunderbird: low
35
upstream_thunderbird: released (52.1.1)
36
precise_thunderbird: ignored (reached end-of-life)
37
precise/esm_thunderbird: DNE (precise was needs-triage)
38
trusty_thunderbird: released (1:52.1.1+build1-0ubuntu0.14.04.1)
39
vivid/ubuntu-core_thunderbird: DNE
40
vivid/stable-phone-overlay_thunderbird: DNE
41
xenial_thunderbird: released (1:52.1.1+build1-0ubuntu0.16.04.1)
42
yakkety_thunderbird: released (1:52.1.1+build1-0ubuntu0.16.10.1)
43
zesty_thunderbird: released (1:52.1.1+build1-0ubuntu0.17.04.1)
44
devel_thunderbird: released (1:52.1.1+build1-0ubuntu1)