Updated thunderbird packages fix security vulnerability
Publication date: 27 Nov 2015Modification date: 27 Nov 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-4513 , CVE-2015-7189 , CVE-2015-7193 , CVE-2015-7197 , CVE-2015-7198 , CVE-2015-7199 , CVE-2015-7200
Description
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user
running Thunderbird (CVE-2015-4513, CVE-2015-7189, CVE-2015-7197,
CVE-2015-7198, CVE-2015-7199, CVE-2015-7200).
A same-origin policy bypass flaw was found in the way Thunderbird handled
certain cross-origin resource sharing (CORS) requests. A web page
containing malicious content could cause Thunderbird to disclose sensitive
information (CVE-2015-7193).
References
- https://bugs.mageia.org/show_bug.cgi?id=17234
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-116/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-123/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-127/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-132/
- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
- https://rhn.redhat.com/errata/RHSA-2015-2519.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200
SRPMS
5/core
- thunderbird-38.4.0-1.mga5
- thunderbird-l10n-38.4.0-1.mga5