Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2015-4513, CVE-2015-7189, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200). A same-origin policy bypass flaw was found in the way Thunderbird handled certain cross-origin resource sharing (CORS) requests. A web page containing malicious content could cause Thunderbird to disclose sensitive information (CVE-2015-7193).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 5 | noarch | thunderbird | < 38.4.0-1 | thunderbird-38.4.0-1.mga5 |
Mageia | 5 | noarch | thunderbird-l10n | < 38.4.0-1 | thunderbird-l10n-38.4.0-1.mga5 |
bugs.mageia.org/show_bug.cgi?id=17234
rhn.redhat.com/errata/RHSA-2015-2519.html
www.mozilla.org/en-US/security/advisories/mfsa2015-116/
www.mozilla.org/en-US/security/advisories/mfsa2015-123/
www.mozilla.org/en-US/security/advisories/mfsa2015-127/
www.mozilla.org/en-US/security/advisories/mfsa2015-131/
www.mozilla.org/en-US/security/advisories/mfsa2015-132/
www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/