Synopsis: Important: thunderbird security update Advisory ID: SLSA-2016:0460-1 Issue Date: 2016-03-16 CVE Numbers: CVE-2016-1952 CVE-2016-1954 CVE-2016-1957 CVE-2016-1960 CVE-2016-1961 CVE-2016-1964 CVE-2016-1966 CVE-2016-1974 -- Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960, CVE-2016-1961, CVE-2016-1974, CVE-2016-1964, CVE-2016-1966) Multiple security flaws were found in the graphite2 font library shipped with Thunderbird. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802) After installing the update, Thunderbird must be restarted for the changes to take effect. -- SL5 x86_64 thunderbird-38.7.0-1.el5_11.x86_64.rpm thunderbird-debuginfo-38.7.0-1.el5_11.x86_64.rpm i386 thunderbird-38.7.0-1.el5_11.i386.rpm thunderbird-debuginfo-38.7.0-1.el5_11.i386.rpm SL6 x86_64 thunderbird-38.7.0-1.el6_7.x86_64.rpm thunderbird-debuginfo-38.7.0-1.el6_7.x86_64.rpm i386 thunderbird-38.7.0-1.el6_7.i686.rpm thunderbird-debuginfo-38.7.0-1.el6_7.i686.rpm SL7 x86_64 thunderbird-38.7.0-1.el7_2.x86_64.rpm thunderbird-debuginfo-38.7.0-1.el7_2.x86_64.rpm - Scientific Linux Development Team