Updated thunderbird package fixes security vulnerabilities
Publication date: 27 Jul 2015Modification date: 27 Jul 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-2724 , CVE-2015-2734 , CVE-2015-2735 , CVE-2015-2736 , CVE-2015-2737 , CVE-2015-2738 , CVE-2015-2739 , CVE-2015-2740
Description
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird (CVE-2015-2724, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736,
CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740).
References
- https://bugs.mageia.org/show_bug.cgi?id=16285
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-59/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
- https://rhn.redhat.com/errata/RHSA-2015-1455.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2724
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2734
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2735
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2736
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2737
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2738
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2739
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2740
SRPMS
4/core
- thunderbird-38.1.0-1.mga4
- thunderbird-l10n-38.1.0-1.mga4
5/core
- thunderbird-38.1.0-1.mga5
- thunderbird-l10n-38.1.0-1.mga5