Arch Linux Security Advisory ASA-201612-2 ========================================= Severity: Critical Date : 2016-12-01 CVE-ID : CVE-2016-9079 Package : thunderbird Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package thunderbird before version 45.5.1-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 45.5.1-1. # pacman -Syu "thunderbird>=45.5.1-1" The problem has been fixed upstream in version 45.5.1. Workaround ========== None Description =========== A use-after-free vulnerability has been discovered in the SVG Animation component of Firefox, leading to arbitrary code execution. Impact ====== A remote attacker is able to execute arbitrary code by embedding a crafted SVG image in content displayed by Thunderbird. References ========== https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.5.1 https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/ https://access.redhat.com/security/cve/CVE-2016-9079