openSUSE Security Update : MozillaThunderbird (openSUSE-2017-955)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for MozillaThunderbird to version 52.3 fixes security
issues and bugs. The following vulnerabilities were fixed :

- CVE-2017-7798: XUL injection in the style editor in

- CVE-2017-7800: Use-after-free in WebSockets during

- CVE-2017-7801: Use-after-free with marquee during window

- CVE-2017-7784: Use-after-free with image observers

- CVE-2017-7802: Use-after-free resizing image elements

- CVE-2017-7785: Buffer overflow manipulating ARIA
attributes in DOM

- CVE-2017-7786: Buffer overflow while painting
non-displayable SVG

- CVE-2017-7753: Out-of-bounds read with cached style data
and pseudo-elements

- CVE-2017-7787: Same-origin policy bypass with iframes
through page reloads

- CVE-2017-7807: Domain hijacking through AppCache

- CVE-2017-7792: Buffer overflow viewing certificates with
an extremely long OID

- CVE-2017-7804: Memory protection bypass through

- CVE-2017-7791: Spoofing following page navigation with
data: protocol and modal alerts

- CVE-2017-7782: WindowsDllDetourPatcher allocates memory
without DEP protections

- CVE-2017-7803: CSP containing 'sandbox' improperly

- CVE-2017-7779: Memory safety bugs fixed in Firefox 55
and Firefox ESR 52.3

The following bugs were fixed :

- Unwanted inline images shown in rogue SPAM messages

- Deleting message from the POP3 server not working when
maildir storage was used

- Message disposition flag (replied / forwarded) lost when
reply or forwarded message was stored as draft and draft
was sent later

- Inline images not scaled to fit when printing

- Selected text from another message sometimes included in
a reply

- No authorisation prompt displayed when inserting image
into email body although image URL requires

- Large attachments taking a long time to open under some

See also :

Solution :

Update the affected MozillaThunderbird packages.

Risk factor :

