Advisories ยป MGASA-2016-0078

Updated thunderbird packages fix security vulnerability

Publication date: 17 Feb 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-1930 , CVE-2016-1935 , CVE-2016-1521 , CVE-2016-1522 , CVE-2016-1523 , CVE-2016-1526

Description

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user
running Thunderbird (CVE-2016-1930, CVE-2016-1935).

Multiple security flaws were found in the graphite2 font library bundled
with Thunderbird. A web page containing malicious content could cause
Thunderbird to crash or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird (CVE-2016-1521, CVE-2016-1522,
CVE-2016-1523, CVE-2016-1526).

Thunderbird includes a bundled copy of the graphite2 library, which has
been updated in Thunderbird 38.6.0.
                

References

SRPMS

5/core