openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2014:0976-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

MozillaThunderbird was updated to Thunderbird 24.7.0 (bnc#887746)

- MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous
memory safety hazards

- MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free
with FireOnStateChange event

- MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable
WebGL crash with Cesium JavaScript library

- MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free
while when manipulating certificates in the trusted
cache (solved with NSS 3.16.2 requirement)

- MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia
library when scaling high quality images

A standalone enigmail 1.7 package that was previously built as part of
MozillaThunderbird was added.

See also :

http://lists.opensuse.org/opensuse-updates/2014-08/msg00007.html
https://bugzilla.novell.com/show_bug.cgi?id=887746

Solution :

Update the affected MozillaThunderbird packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: SuSE Local Security Checks

Nessus Plugin ID: 77131 ()

Bugtraq ID: 68811
68814
68816
68818
68822
68824

CVE ID: CVE-2014-1544
CVE-2014-1547
CVE-2014-1548
CVE-2014-1555
CVE-2014-1556
CVE-2014-1557

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now