{"id":"MGASA-2016-0078","summary":"Updated thunderbird packages fix security vulnerability","details":"Several flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Thunderbird to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Thunderbird (CVE-2016-1930, CVE-2016-1935).\n\nMultiple security flaws were found in the graphite2 font library bundled\nwith Thunderbird. A web page containing malicious content could cause\nThunderbird to crash or, potentially, execute arbitrary code with the\nprivileges of the user running Thunderbird (CVE-2016-1521, CVE-2016-1522,\nCVE-2016-1523, CVE-2016-1526).\n\nThunderbird includes a bundled copy of the graphite2 library, which has\nbeen updated in Thunderbird 38.6.0.\n","modified":"2026-04-16T01:47:49.921985373Z","published":"2016-02-17T19:06:01Z","upstream":["CVE-2016-1521","CVE-2016-1522","CVE-2016-1523","CVE-2016-1526","CVE-2016-1930","CVE-2016-1935"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0078.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=17781"},{"type":"WEB","url":"http://www.talosintel.com/reports/TALOS-2016-0057/"},{"type":"WEB","url":"http://www.talosintel.com/reports/TALOS-2016-0058/"},{"type":"WEB","url":"http://www.talosintel.com/reports/TALOS-2016-0059/"},{"type":"WEB","url":"http://www.talosintel.com/reports/TALOS-2016-0060/"},{"type":"WEB","url":"http://www.talosintel.com/reports/TALOS-2016-0061/"},{"type":"WEB","url":"http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/"},{"type":"WEB","url":"https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2016-0071.html"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2016-0197.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00105.html"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"38.6.0-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0078.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"38.6.0-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0078.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}