openSUSE Security Update : MozillaThunderbird / seamonkey (openSUSE-SU-2014:0584-1)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Mozilla Thunderbird was updated to 24.4.0. Mozilla SeaMonkey was
updated to 2.25.

- MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous
memory safety hazards

- MFSA 2014-17/CVE-2014-1497 (bmo#966311) Out of bounds
read during WAV file decoding

- MFSA 2014-18/CVE-2014-1498 (bmo#935618)
crypto.generateCRMFRequest does not validate type of key

- MFSA 2014-19/CVE-2014-1499 (bmo#961512) Spoofing attack
on WebRTC permission prompt

- MFSA 2014-20/CVE-2014-1500 (bmo#956524) onbeforeunload
and JavaScript navigation DOS

- MFSA 2014-22/CVE-2014-1502 (bmo#972622) WebGL content
injection from one domain to rendering in another

- MFSA 2014-23/CVE-2014-1504 (bmo#911547) Content Security
Policy for data: documents not preserved by session
restore

- MFSA 2014-26/CVE-2014-1508 (bmo#963198) Information
disclosure through polygon rendering in MathML

- MFSA 2014-27/CVE-2014-1509 (bmo#966021) Memory
corruption in Cairo during PDF font rendering

- MFSA 2014-28/CVE-2014-1505 (bmo#941887) SVG filters
information disclosure through feDisplacementMap

- MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906,
bmo#982909) Privilege escalation using
WebIDL-implemented APIs

- MFSA 2014-30/CVE-2014-1512 (bmo#982957) Use-after-free
in TypeObject

- MFSA 2014-31/CVE-2014-1513 (bmo#982974) Out-of-bounds
read/write through neutering ArrayBuffer objects

- MFSA 2014-32/CVE-2014-1514 (bmo#983344) Out-of-bounds
write through TypedArrayObject after neutering

See also :

http://lists.opensuse.org/opensuse-updates/2014-04/msg00064.html
https://bugzilla.novell.com/show_bug.cgi?id=868603

Solution :

Update the affected MozillaThunderbird / seamonkey packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true