openSUSE Security Update : MozillaThunderbird (openSUSE-2015-877)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The MozillaThunderbird package was updated to fix the following
security and non security issues :

- update to Thunderbird 38.4.0 (bnc#952810)

- MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 Miscellaneous
memory safety hazards

- MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing
whitespace in IP address hostnames can bypass
same-origin policy

- MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer
overflow during image interactions in canvas

- MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight
is bypassed when non-standard Content-Type headers are
received

- MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory
corruption in libjar through zip files

- MFSA 2015-130/CVE-2015-7196 (bmo#1140616) JavaScript
garbage collection crash with Java applet

- MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
(bmo#1188010, bmo#1204061, bmo#1204155) Vulnerabilities
found through code inspection

- MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content
WebSocket policy bypass through workers

- MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
(bmo#1202868, bmo#1205157) NSS and NSPR memory
corruption issues (fixed in mozilla-nspr and mozilla-nss
packages)

- requires NSPR 4.10.10 and NSS 3.19.2.1

- added explicit appdata provides (bnc#952325)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=952325
https://bugzilla.opensuse.org/show_bug.cgi?id=952810

Solution :

Update the affected MozillaThunderbird packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now