openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-2734)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update brings Mozilla Thunderbird to version 1.5.0.10. It
contains stability fixes and some security fixes :

- MFSA 2007-01: As part of the Thunderbird 1.5.0.10 update
releases several bugs were fixed to improve the
stability of the browser. Some of these were crashes
that showed evidence of memory corruption and we presume
that with enough effort at least some of these could be
exploited to run arbitrary code. These fixes affected
the layout engine (CVE-2007-0775), SVG renderer
(CVE-2007-0776) and JavaScript engine (CVE-2007-0777).

- MFSA 2007-06: CVE-2007-0008: SSL clients such as Firefox
and Thunderbird can suffer a buffer overflow if a
malicious server presents a certificate with a public
key that is too small to encrypt the entire 'Master
Secret'. Exploiting this overflow appears to be
unreliable but possible if the SSLv2 protocol is
enabled.

Solution :

Update the affected MozillaThunderbird packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 27129 ()

Bugtraq ID:

CVE ID: CVE-2007-0008
CVE-2007-0775
CVE-2007-0776
CVE-2007-0777

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now