openSUSE Security Update : MozillaThunderbird (openSUSE-2015-495) (Logjam)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

MozillaThunderbird was updated to fix 20 security issues.

These security issues were fixed :

- CVE-2015-2727: Mozilla Firefox 38.0 and Firefox ESR 38.0
allowed user-assisted remote attackers to read arbitrary
files or execute arbitrary JavaScript code with chrome
privileges via a crafted website that is accessed with
unspecified mouse and keyboard actions. NOTE: this
vulnerability exists because of a CVE-2015-0821
regression (bsc#935979).

- CVE-2015-2725: Multiple unspecified vulnerabilities in
the browser engine in Mozilla Firefox before 39.0,
Firefox ESR 38.x before 38.1, and Thunderbird before
38.1 allowed remote attackers to cause a denial of
service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors
(bsc#935979).

- CVE-2015-2736: The nsZipArchive::BuildFileList function
in Mozilla Firefox before 39.0, Firefox ESR 31.x before
31.8 and 38.x before 38.1, and Thunderbird before 38.1
accesses unintended memory locations, which allowed
remote attackers to have an unspecified impact via a
crafted ZIP archive (bsc#935979).

- CVE-2015-2724: Multiple unspecified vulnerabilities in
the browser engine in Mozilla Firefox before 39.0,
Firefox ESR 31.x before 31.8 and 38.x before 38.1, and
Thunderbird before 38.1 allowed remote attackers to
cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code
via unknown vectors (bsc#935979).

- CVE-2015-2730: Mozilla Network Security Services (NSS)
before 3.19.1, as used in Mozilla Firefox before 39.0,
Firefox ESR 31.x before 31.8 and 38.x before 38.1, and
other products, did not properly perform Elliptic
Curve Cryptography (ECC) multiplications, which made it
easier for remote attackers to spoof ECDSA signatures
via unspecified vectors (bsc#935979).

- CVE-2015-2743: PDF.js in Mozilla Firefox before 39.0 and
Firefox ESR 31.x before 31.8 and 38.x before 38.1
enables excessive privileges for internal Workers, which
might allow remote attackers to execute arbitrary code
by leveraging a Same Origin Policy bypass (bsc#935979).

- CVE-2015-2740: Buffer overflow in the
nsXMLHttpRequest::AppendToResponseText function in
Mozilla Firefox before 39.0, Firefox ESR 31.x before
31.8 and 38.x before 38.1, and Thunderbird before 38.1
might allow remote attackers to cause a denial of
service or have unspecified other impact via unknown
vectors (bsc#935979).

- CVE-2015-2741: Mozilla Firefox before 39.0, Firefox ESR
38.x before 38.1, and Thunderbird before 38.1 do not
enforce key pinning upon encountering an X.509
certificate problem that generates a user dialog, which
allowed user-assisted man-in-the-middle attackers to
bypass intended access restrictions by triggering a (1)
expired certificate or (2) mismatched hostname for a
domain with pinning enabled (bsc#935979).

- CVE-2015-2728: The IndexedDatabaseManager class in the
IndexedDB implementation in Mozilla Firefox before 39.0
and Firefox ESR 31.x before 31.8 and 38.x before 38.1
misinterprets an unspecified IDBDatabase field as a
pointer, which allowed remote attackers to execute
arbitrary code or cause a denial of service (memory
corruption and application crash) via unspecified
vectors, related to a 'type confusion' issue
(bsc#935979).

- CVE-2015-2729: The
AudioParamTimeline::AudioNodeInputValue function in the
Web Audio implementation in Mozilla Firefox before 39.0
and Firefox ESR 38.x before 38.1 did not properly
calculate an oscillator rendering range, which allowed
remote attackers to obtain sensitive information from
process memory or cause a denial of service
(out-of-bounds read) via unspecified vectors
(bsc#935979).

- CVE-2015-2739: The ArrayBufferBuilder::append function
in Mozilla Firefox before 39.0, Firefox ESR 31.x before
31.8 and 38.x before 38.1, and Thunderbird before 38.1
accesses unintended memory locations, which has
unspecified impact and attack vectors (bsc#935979).

- CVE-2015-2738: The
YCbCrImageDataDeserializer::ToDataSourceSurface function
in the YCbCr implementation in Mozilla Firefox before
39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1,
and Thunderbird before 38.1 reads data from
uninitialized memory locations, which has unspecified
impact and attack vectors (bsc#935979).

- CVE-2015-2737: The rx::d3d11::SetBufferData function in
the Direct3D 11 implementation in Mozilla Firefox before
39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1,
and Thunderbird before 38.1 reads data from
uninitialized memory locations, which has unspecified
impact and attack vectors (bsc#935979).

- CVE-2015-2721: Mozilla Network Security Services (NSS)
before 3.19, as used in Mozilla Firefox before 39.0,
Firefox ESR 31.x before 31.8 and 38.x before 38.1,
Thunderbird before 38.1, and other products, did not
properly determine state transitions for the TLS state
machine, which allowed man-in-the-middle attackers to
defeat cryptographic protection mechanisms by blocking
messages, as demonstrated by removing a forward-secrecy
property by blocking a ServerKeyExchange message, aka a
'SMACK SKIP-TLS' issue (bsc#935979).

- CVE-2015-2735: nsZipArchive.cpp in Mozilla Firefox
before 39.0, Firefox ESR 31.x before 31.8 and 38.x
before 38.1, and Thunderbird before 38.1 accesses
unintended memory locations, which allowed remote
attackers to have an unspecified impact via a crafted
ZIP archive (bsc#935979).

- CVE-2015-2734: The
CairoTextureClientD3D9::BorrowDrawTarget function in the
Direct3D 9 implementation in Mozilla Firefox before
39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1,
and Thunderbird before 38.1 reads data from
uninitialized memory locations, which has unspecified
impact and attack vectors (bsc#935979).

- CVE-2015-2733: Use-after-free vulnerability in the
CanonicalizeXPCOMParticipant function in Mozilla Firefox
before 39.0 and Firefox ESR 31.x before 31.8 and 38.x
before 38.1 allowed remote attackers to execute
arbitrary code via vectors involving attachment of an
XMLHttpRequest object to a dedicated worker
(bsc#935979).

- CVE-2015-2722: Use-after-free vulnerability in the
CanonicalizeXPCOMParticipant function in Mozilla Firefox
before 39.0 and Firefox ESR 31.x before 31.8 and 38.x
before 38.1 allowed remote attackers to execute
arbitrary code via vectors involving attachment of an
XMLHttpRequest object to a shared worker (bsc#935979).

- CVE-2015-2731: Use-after-free vulnerability in the
CSPService::ShouldLoad function in the microtask
implementation in Mozilla Firefox before 39.0, Firefox
ESR 38.x before 38.1, and Thunderbird before 38.1
allowed remote attackers to execute arbitrary code by
leveraging client-side JavaScript that triggers removal
of a DOM object on the basis of a Content Policy
(bsc#935979).

- CVE-2015-4000: The TLS protocol 1.2 and earlier, when a
DHE_EXPORT ciphersuite is enabled on a server but not on
a client, did not properly convey a DHE_EXPORT choice,
which allowed man-in-the-middle attackers to conduct
cipher-downgrade attacks by rewriting a ClientHello with
DHE replaced by DHE_EXPORT and then rewriting a
ServerHello with DHE_EXPORT replaced by DHE, aka the
'Logjam' issue (bsc#931600).

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=931600
https://bugzilla.opensuse.org/show_bug.cgi?id=935979

Solution :

Update the affected MozillaThunderbird packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
