openSUSE Security Update : MozillaThunderbird (openSUSE-2015-558)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update to Thunderbird 38.2.0 fixes the following issues
(bnc#940806) :

- MFSA 2015-79/CVE-2015-4473 Miscellaneous memory safety
hazards

- MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds
read with malformed MP3 file

- MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of
non-configurable JavaScript object properties

- MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
Overflow issues in libstagefright

- MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file
overwriting through Mozilla Maintenance Service with
hard links (only affected Windows)

- MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds
write with Updater and malicious MAR file (does not
affect openSUSE RPM packages which do not ship the
updater)

- MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when
using shared memory in JavaScript

- MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow
in gdk-pixbuf when scaling bitmap images

- MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948,
bmo#1178148) Buffer overflows on Libvpx when decoding
WebM video

- MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
Vulnerabilities found through code inspection

- MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free
in XMLHttpRequest with shared workers

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=940806

Solution :

Update the affected MozillaThunderbird packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now