Updated thunderbird packages fix security vulnerabilities
Publication date: 27 Aug 2015Modification date: 27 Aug 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-4473 , CVE-2015-4487 , CVE-2015-4488 , CVE-2015-4489 , CVE-2015-4491
Description
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489).
References
- https://bugs.mageia.org/show_bug.cgi?id=16648
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-79/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-88/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/
- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
- https://rhn.redhat.com/errata/RHSA-2015-1682.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4487
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4488
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4489
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4491
SRPMS
4/core
- thunderbird-38.2.0-1.mga4
- thunderbird-l10n-38.2.0-1.mga4
5/core
- thunderbird-38.2.0-1.mga5
- thunderbird-l10n-38.2.0-1.mga5