ArchLinux: 201607-4: thunderbird: arbitrary code execution
Summary
- CVE-2016-2815 (arbitrary code execution)
Mozilla developers and community members reported several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code.
- CVE-2016-2818 (arbitrary code execution)
Mozilla developers and community members reported several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code.
Resolution
Upgrade to 45.2.0-1.
# pacman -Syu "thunderbird>=45.2.0-1"
The problems have been fixed upstream in version 45.2.0.
References
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.2
https://access.redhat.com/security/cve/CVE-2016-2815
https://access.redhat.com/security/cve/CVE-2016-2818
Workaround
None.