openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2014:0640-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This is a MozillaThunderbird update to version 24.5.0 :

- MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety
hazards

- MFSA 2014-37/CVE-2014-1523 (bmo#969226) Out of bounds
read while decoding JPG images

- MFSA 2014-38/CVE-2014-1524 (bmo#989183) Buffer overflow
when using non-XBL object as XBL

- MFSA 2014-42/CVE-2014-1529 (bmo#987003) Privilege
escalation through Web Notification API

- MFSA 2014-43/CVE-2014-1530 (bmo#895557) Cross-site
scripting (XSS) using history navigations

- MFSA 2014-44/CVE-2014-1531 (bmo#987140) Use-after-free
in imgLoader while resizing images

- MFSA 2014-46/CVE-2014-1532 (bmo#966006) Use-after-free
in nsHostResolver

- use shipped-locales as the authoritative source for
supported locales (some unsupported locales disappear
from -other package)

See also :

http://lists.opensuse.org/opensuse-updates/2014-05/msg00040.html
https://bugzilla.novell.com/show_bug.cgi?id=875378

Solution :

Update the affected MozillaThunderbird packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now