Updated thunderbird packages fix security vulnerabilities
Publication date: 28 Dec 2015Modification date: 28 Dec 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-7201 , CVE-2015-7205 , CVE-2015-7212 , CVE-2015-7213 , CVE-2015-7214
Description
Updated thunderbird packages fix security vulnerabilities:
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird (CVE-2015-7201, CVE-2015-7205, CVE-2015-7210, CVE-2015-7212,
CVE-2015-7213, CVE-2015-7222).
A flaw was found in the way Thunderbird handled content using the 'data:' and
'view-source:' URIs. An attacker could use this flaw to bypass the
same-origin policy and read data from cross-site URLs and local files
(CVE-2015-7214).
References
- https://bugs.mageia.org/show_bug.cgi?id=17386
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-134/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-139/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-145/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-146/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-149/
- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
- https://rhn.redhat.com/errata/RHSA-2015-2657.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7201
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7205
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7212
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7213
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7214
SRPMS
5/core
- thunderbird-38.5.0-1.mga5
- thunderbird-l10n-38.5.0-1.mga5