MGASA-2016-0078
Vulnerability Summary
Timeline
Description
Updated thunderbird packages fix security vulnerability Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2016-1930, CVE-2016-1935). Multiple security flaws were found in the graphite2 font library bundled with Thunderbird. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1526). Thunderbird includes a bundled copy of the graphite2 library, which has been updated in Thunderbird 38.6.0.
Affected Systems
- mageia•thunderbird
< 38.6.0-1.mga5
- mageia•thunderbird-l10n
< 38.6.0-1.mga5
References (15)
- https://advisories.mageia.org/MGASA-2016-0078.html
- https://bugs.mageia.org/show_bug.cgi?id=17781
- http://www.talosintel.com/reports/TALOS-2016-0057/
- http://www.talosintel.com/reports/TALOS-2016-0058/
- http://www.talosintel.com/reports/TALOS-2016-0059/
- http://www.talosintel.com/reports/TALOS-2016-0060/
- http://www.talosintel.com/reports/TALOS-2016-0061/
- http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
- https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
- https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/
- https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/
- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
- https://rhn.redhat.com/errata/RHSA-2016-0071.html
- https://rhn.redhat.com/errata/RHSA-2016-0197.html
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00105.html