Advisories ยป MGASA-2015-0492

Updated thunderbird packages fix security vulnerabilities

Publication date: 28 Dec 2015
Modification date: 28 Dec 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-7201 , CVE-2015-7205 , CVE-2015-7212 , CVE-2015-7213 , CVE-2015-7214

Description

Updated thunderbird packages fix security vulnerabilities:

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird (CVE-2015-7201, CVE-2015-7205, CVE-2015-7210, CVE-2015-7212,
CVE-2015-7213, CVE-2015-7222).

A flaw was found in the way Thunderbird handled content using the 'data:' and
'view-source:' URIs. An attacker could use this flaw to bypass the
same-origin policy and read data from cross-site URLs and local files
(CVE-2015-7214).
                

References

SRPMS

5/core