ASA-201612-2 generated external raw

[ASA-201612-2] thunderbird: arbitrary code execution
Arch Linux Security Advisory ASA-201612-2 ========================================= Severity: Critical Date : 2016-12-01 CVE-ID : CVE-2016-9079 Package : thunderbird Type : arbitrary code execution Remote : Yes Link : Summary ======= The package thunderbird before version 45.5.1-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 45.5.1-1. # pacman -Syu "thunderbird>=45.5.1-1" The problem has been fixed upstream in version 45.5.1. Workaround ========== None Description =========== A use-after-free vulnerability has been discovered in the SVG Animation component of Firefox, leading to arbitrary code execution. Impact ====== A remote attacker is able to execute arbitrary code by embedding a crafted SVG image in content displayed by Thunderbird. References ==========