Updated thunderbird packages fix security vulnerabilities
Publication date: 02 Oct 2015Modification date: 02 Oct 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-4500 , CVE-2015-4509 , CVE-2015-4517 , CVE-2015-4519 , CVE-2015-4520 , CVE-2015-4521 , CVE-2015-4522 , CVE-2015-7174 , CVE-2015-7175 , CVE-2015-7176 , CVE-2015-7177 , CVE-2015-7180
Description
Updated thunderbird packages fix security vulnerabilities:
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird (CVE-2015-4500, CVE-2015-4509, CVE-2015-4517, CVE-2015-4521,
CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177,
CVE-2015-7180).
Two information leak flaws were found in the processing of malformed web
content. A web page containing malicious content could cause Thunderbird to
disclose sensitive information or, in certain cases, crash (CVE-2015-4519,
CVE-2015-4520).
References
- https://bugs.mageia.org/show_bug.cgi?id=16871
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-96/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-106/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-110/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-111/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
- https://rhn.redhat.com/errata/RHSA-2015-1852.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4500
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4509
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4517
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4519
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4520
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4521
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4522
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7174
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7175
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7176
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7177
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7180
SRPMS
5/core
- thunderbird-38.3.0-1.mga5
- thunderbird-l10n-38.3.0-1.mga5