An integer overflow during the parsing of XML using the Expat library. External References: https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9063
Acknowledgments: Name: the Mozilla project Upstream: Gustavo Grieco
Statement: This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.
Upstream patch: https://github.com/libexpat/libexpat/commit/d4f735b88d9932bd5039df2335eefdd0723dbe20
Created compat-expat1 tracking bugs for this issue: Affects: fedora-all [bug 1462758] Created expat tracking bugs for this issue: Affects: fedora-all [bug 1462756] Created expat21 tracking bugs for this issue: Affects: epel-all [bug 1462755] Created mingw-expat tracking bugs for this issue: Affects: epel-7 [bug 1462757]
Expat upstream fixed this issue via the following commit: https://github.com/libexpat/libexpat/commit/d4f735b88d9932bd5039df2335eefdd0723dbe20
Created mingw-expat tracking bugs for this issue: Affects: fedora-all [bug 1478230]