{
  "schema_version": "1.7.0",
  "id": "MGASA-2015-0462",
  "published": "2015-11-27T23:11:20Z",
  "modified": "2015-11-27T23:07:00Z",
  "summary": "Updated thunderbird packages fix security vulnerability",
  "details": "Several flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird (CVE-2015-4513, CVE-2015-7189, CVE-2015-7197,\nCVE-2015-7198, CVE-2015-7199, CVE-2015-7200).\n\nA same-origin policy bypass flaw was found in the way Thunderbird handled\ncertain cross-origin resource sharing (CORS) requests. A web page\ncontaining malicious content could cause Thunderbird to disclose sensitive\ninformation (CVE-2015-7193).\n",
  "upstream": [
    "CVE-2015-4513",
    "CVE-2015-7189",
    "CVE-2015-7193",
    "CVE-2015-7197",
    "CVE-2015-7198",
    "CVE-2015-7199",
    "CVE-2015-7200"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2015-0462.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=17234"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-116/"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-123/"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-127/"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-132/"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/"
    },
    {
      "type": "WEB",
      "url": "https://rhn.redhat.com/errata/RHSA-2015-2519.html"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:5",
        "name": "thunderbird",
        "purl": "pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-5"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "38.4.0-1.mga5"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:5",
        "name": "thunderbird-l10n",
        "purl": "pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-5"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "38.4.0-1.mga5"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}