Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation.

External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2015-28

Acknowledgements:

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter.

Statement:

This issue does not affect the version of the thunderbird package as shipped with Red Hat Enterprise Linux 5, 6 and 7.

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2015:0718 https://rhn.redhat.com/errata/RHSA-2015-0718.html