Description
This update to Thunderbird 38.2.0 fixes the following issues (bnc#940806):
* MFSA 2015-79/CVE-2015-4473 Miscellaneous memory safety hazards
* MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with
malformed MP3 file
* MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of
non-configurable JavaScript object properties
* MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues
in libstagefright
* MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting
through Mozilla Maintenance Service with hard links (only affected
Windows)
* MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with
Updater and malicious MAR file (does not affect openSUSE RPM packages
which do not ship the updater)
* MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared
memory in JavaScript
* MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf
when scaling bitmap images
* MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
Buffer overflows on Libvpx when decoding WebM video
* MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities
found through code inspection
* MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in
XMLHttpRequest with shared workers