Security update for Mozilla Thunderbird SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:2991-1 Final 1 1 2016-12-04T17:27:41Z current 2016-12-04T17:27:41Z 2016-12-04T17:27:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Mozilla Thunderbird This update contains Mozilla Thunderbird 45.5.1 and fixes one vulnerability. In Mozilla Thunderbird, this vulnerability may be exploited when used in a browser-like context. - CVE-2016-9079: SVG Animation Remote Code Execution (MFSA 2016-92, bsc#1012964, bmo#1321066) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00005.html E-Mail link for openSUSE-SU-2016:2991-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 openSUSE Leap 42.2 MozillaThunderbird-45.5.1-28.2 MozillaThunderbird-buildsymbols-45.5.1-28.2 MozillaThunderbird-devel-45.5.1-28.2 MozillaThunderbird-translations-common-45.5.1-28.2 MozillaThunderbird-translations-other-45.5.1-28.2 MozillaThunderbird-45.5.1-28.2 as a component of openSUSE Leap 42.1 MozillaThunderbird-buildsymbols-45.5.1-28.2 as a component of openSUSE Leap 42.1 MozillaThunderbird-devel-45.5.1-28.2 as a component of openSUSE Leap 42.1 MozillaThunderbird-translations-common-45.5.1-28.2 as a component of openSUSE Leap 42.1 MozillaThunderbird-translations-other-45.5.1-28.2 as a component of openSUSE Leap 42.1 MozillaThunderbird-45.5.1-28.2 as a component of openSUSE Leap 42.2 MozillaThunderbird-buildsymbols-45.5.1-28.2 as a component of openSUSE Leap 42.2 MozillaThunderbird-devel-45.5.1-28.2 as a component of openSUSE Leap 42.2 MozillaThunderbird-translations-common-45.5.1-28.2 as a component of openSUSE Leap 42.2 MozillaThunderbird-translations-other-45.5.1-28.2 as a component of openSUSE Leap 42.2 A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1. CVE-2016-9079 openSUSE Leap 42.1:MozillaThunderbird-45.5.1-28.2 openSUSE Leap 42.1:MozillaThunderbird-buildsymbols-45.5.1-28.2 openSUSE Leap 42.1:MozillaThunderbird-devel-45.5.1-28.2 openSUSE Leap 42.1:MozillaThunderbird-translations-common-45.5.1-28.2 openSUSE Leap 42.1:MozillaThunderbird-translations-other-45.5.1-28.2 openSUSE Leap 42.2:MozillaThunderbird-45.5.1-28.2 openSUSE Leap 42.2:MozillaThunderbird-buildsymbols-45.5.1-28.2 openSUSE Leap 42.2:MozillaThunderbird-devel-45.5.1-28.2 openSUSE Leap 42.2:MozillaThunderbird-translations-common-45.5.1-28.2 openSUSE Leap 42.2:MozillaThunderbird-translations-other-45.5.1-28.2 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00005.html https://www.suse.com/security/cve/CVE-2016-9079.html CVE-2016-9079 https://bugzilla.suse.com/1012964 SUSE Bug 1012964