Synopsis: Important: thunderbird security update Advisory ID: SLSA-2016:0001-1 Issue Date: 2016-01-05 CVE Numbers: CVE-2015-7201 CVE-2015-7212 CVE-2015-7205 CVE-2015-7213 CVE-2015-7214 -- Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-7201, CVE-2015-7205, CVE-2015-7212, CVE-2015-7213) A flaw was found in the way Thunderbird handled content using the 'data:' and 'view-source:' URIs. An attacker could use this flaw to bypass the same-origin policy and read data from cross-site URLs and local files. (CVE-2015-7214) After installing the update, Thunderbird must be restarted for the changes to take effect. -- SL5 x86_64 thunderbird-38.5.0-1.el5_11.x86_64.rpm thunderbird-debuginfo-38.5.0-1.el5_11.x86_64.rpm i386 thunderbird-38.5.0-1.el5_11.i386.rpm thunderbird-debuginfo-38.5.0-1.el5_11.i386.rpm SL6 x86_64 thunderbird-38.5.0-1.el6_7.x86_64.rpm thunderbird-debuginfo-38.5.0-1.el6_7.x86_64.rpm i386 thunderbird-38.5.0-1.el6_7.i686.rpm thunderbird-debuginfo-38.5.0-1.el6_7.i686.rpm SL7 x86_64 thunderbird-38.5.0-1.el7_2.x86_64.rpm thunderbird-debuginfo-38.5.0-1.el7_2.x86_64.rpm - Scientific Linux Development Team