openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-4070)

critical Nessus Plugin ID 53774

Synopsis

The remote openSUSE host is missing a security update.

Description

MozillaThunderbird was updated to version 3.1.8, fixing various security issues.

Following security issues were fixed: MFSA 2011-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.
(CVE-2011-0053)

Igor Bukanov and Gary Kwong reported memory safety problems that affected Firefox 3.6 only. (CVE-2011-0062)

MFSA 2011-08 / CVE-2010-1585: Mozilla security developer Roberto Suggi Liverani reported that ParanoidFragmentSink, a class used to sanitize potentially unsafe HTML for display, allows javascript: URLs and other inline JavaScript when the embedding document is a chrome document.
While there are no unsafe uses of this class in any released products, extension code could have potentially used it in an unsafe manner.

MFSA 2011-09 / CVE-2011-0061: Security researcher Jordi Chancel reported that a JPEG image could be constructed that would be decoded incorrectly, causing data to be written past the end of a buffer created to store the image. An attacker could potentially craft such an image that would cause malicious code to be stored in memory and then later executed on a victim's computer.

Solution

Update the affected MozillaThunderbird packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=667155

Plugin Details

Severity: Critical

ID: 53774

File Name: suse_11_2_MozillaThunderbird-110302.nasl

Version: 1.7

Type: local

Agent: unix

Published: 5/5/2011

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:mozillathunderbird, p-cpe:/a:novell:opensuse:mozillathunderbird-devel, p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common, p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other, p-cpe:/a:novell:opensuse:enigmail, cpe:/o:novell:opensuse:11.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 3/2/2011

Reference Information

CVE: CVE-2010-1585, CVE-2011-0051, CVE-2011-0053, CVE-2011-0054, CVE-2011-0055, CVE-2011-0056, CVE-2011-0057, CVE-2011-0058, CVE-2011-0059, CVE-2011-0061, CVE-2011-0062