openSUSE Security Update : Mozilla Thunderbird (openSUSE-2015-885)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

The MozillaThunderbird package was updated to version 38.4.0 to fix
several security and non security issues :

Changes in MozillaThunderbird :

- update to Thunderbird 38.4.0 (bnc#952810)

- MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 Miscellaneous
memory safety hazards

- MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing
whitespace in IP address hostnames can bypass
same-origin policy

- MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer
overflow during image interactions in canvas

- MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight
is bypassed when non-standard Content-Type headers are

- MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory
corruption in libjar through zip files

- MFSA 2015-130/CVE-2015-7196 (bmo#1140616) JavaScript
garbage collection crash with Java applet

- MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
(bmo#1188010, bmo#1204061, bmo#1204155) Vulnerabilities
found through code inspection

- MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content
WebSocket policy bypass through workers

- MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
(bmo#1202868, bmo#1205157) NSS and NSPR memory
corruption issues (fixed in mozilla-nspr and mozilla-nss

- requires NSPR 4.10.10 and NSS

- added explicit appdata provides (bnc#952325)

- fix build on aarch64 by reusing the crashreporter
conditional from MozillaFirefox

- fix libjpeg-turbo configuration

See also :

Solution :

Update the affected Mozilla Thunderbird packages.

Risk factor :

High / CVSS Base Score : 7.5

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now