openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-2252)

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This security update brings Mozilla Thunderbird to version 1.5.0.8.

More Details can be found on this page:
http://www.mozilla.org/projects/security/known-vulnerabilities.html

It includes fixes to the following security problems :

MFSA2006-65: Is split into 3 sub-entries, for ongoing stability
improvements in the Mozilla browsers: CVE-2006-5464: Layout engine
flaws were fixed. CVE-2006-5747: A xml.prototype.hasOwnProperty flaw
was fixed. CVE-2006-5748: Fixes were applied to the JavaScript engine.

MFSA2006-66/CVE-2006-5462: MFSA 2006-60 reported that RSA digital
signatures with a low exponent (typically 3) could be forged. Firefox
and Thunderbird 1.5.0.7, which incorporated NSS version 3.10.2, were
incompletely patched and remained vulnerable to a variant of this
attack.

MFSA2006-67/CVE-2006-5463: shutdown demonstrated that it was possible
to modify a Script object while it was executing, potentially leading
to the execution of arbitrary JavaScript bytecode.

See also :

http://www.mozilla.org/projects/security/known-vulnerabilities.html

Solution :

Update the affected MozillaThunderbird packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 27127 ()

Bugtraq ID:

CVE ID: CVE-2006-5462
CVE-2006-5463
CVE-2006-5464
CVE-2006-5747
CVE-2006-5748

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now