Bug 6273 - [UPGRADE REQUEST] firefox-esr, thunderbird and seamonkey outdated
: [UPGRADE REQUEST] firefox-esr, thunderbird and seamonkey outdated
Status: RESOLVED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-11 23:49 MSD by Igor Yakovlev
Modified: 2016-03-17 11:46 MSK (History)
3 users (show)

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Igor Yakovlev 2015-10-11 23:49:14 MSD
need fix bugs and vulnerabilities

firefox-esr-24.8.0-1-rosa2014.1.x86_64 outdated, should be upgraded to 38.3
mozilla-thunderbird-38.2.0-1-rosa2014.1.x86_64 outdated, should be upgraded to 38.3
seamonkey-2.26.1-1-rosa2014.1.x86_64 outdated, should be upgraded to 2.38
Comment 1 Zombie Ryushu 2015-11-17 23:11:17 MSK
Escalation. FireFox ESR is a security risk and should be updated to 38.4.
Comment 2 Zombie Ryushu 2016-03-17 11:46:27 MSK
Further Escalation

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960,
CVE-2016-1961, CVE-2016-1974, CVE-2016-1964, CVE-2016-1966).

Multiple security flaws were found in the graphite2 font library shipped
with Thunderbird. A web page containing malicious content could cause it
to crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791,
CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796,
CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801,
CVE-2016-2802).

Opening a new bug for these new issues.