openSUSE Security Update : MozillaThunderbird (openSUSE-2015-374)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The Mozilla Thunderbird email, news, and chat client was updated to
version 31.7.0 to fix several security issues.

The following vulnerabilities were fixed (bnc#930622) :

- MFSA 2015-46/CVE-2015-2708 Miscellaneous memory safety
hazards

- MFSA 2015-47/CVE-2015-0797 (bmo#1080995) Buffer overflow
parsing H.264 video with Linux Gstreamer

- MFSA 2015-48/CVE-2015-2710 (bmo#1149542) Buffer overflow
with SVG content and CSS

- MFSA 2015-51/CVE-2015-2713 (bmo#1153478) Use-after-free
during text processing with vertical text enabled

- MFSA 2015-54/CVE-2015-2716 (bmo#1140537) Buffer overflow
when parsing compressed XML

- MFSA 2015-57/CVE-2011-3079 (bmo#1087565) Privilege
escalation through IPC channel messages

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=930622

Solution :

Update the affected MozillaThunderbird packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 83800 ()

Bugtraq ID:

CVE ID: CVE-2011-3079
CVE-2015-0797
CVE-2015-2708
CVE-2015-2710
CVE-2015-2713
CVE-2015-2716

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now