openSUSE Security Update : MozillaThunderbird (openSUSE-2017-188)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update to Mozilla Thunderbird 45.7.0 fixes security issues and
bugs.

The following security issues from advisory MFSA 2017-03 were fixed
(boo#1021991). In general, these flaws cannot be exploited through
email in Thunderbird because scripting is disabled when reading mail,
but they are potential risks in browser or browser-like contexts :

- CVE-2017-5375: Excessive JIT code allocation allows
bypass of ASLR and DEP (boo#1021814)

- CVE-2017-5376: Use-after-free in XSL (boo#1021817)

- CVE-2017-5378: Pointer and frame data leakage of
JavaScript objects (boo#1021818)

- CVE-2017-5380: Potential use-after-free during DOM
manipulations (boo#1021819)

- CVE-2017-5390: Insecure communication methods in
Developer Tools JSON viewer (boo#1021820)

- CVE-2017-5396: Use-after-free with Media Decoder
(boo#1021821)

- CVE-2017-5383: Location bar spoofing with unicode
characters (boo#1021822)

- CVE-2017-5373: Memory safety bugs fixed in Thunderbird
45.7 (boo#1021824)

The following non-security bugs were fixed :

- Message preview pane non-functional after IMAP folder
was renamed or moved

- 'Move To' button on 'Search Messages' panel not working

- Message sent to 'undisclosed recipients' shows no
recipient (non-functional since Thunderbird version 38)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1021814
https://bugzilla.opensuse.org/show_bug.cgi?id=1021817
https://bugzilla.opensuse.org/show_bug.cgi?id=1021818
https://bugzilla.opensuse.org/show_bug.cgi?id=1021819
https://bugzilla.opensuse.org/show_bug.cgi?id=1021820
https://bugzilla.opensuse.org/show_bug.cgi?id=1021821
https://bugzilla.opensuse.org/show_bug.cgi?id=1021822
https://bugzilla.opensuse.org/show_bug.cgi?id=1021824
https://bugzilla.opensuse.org/show_bug.cgi?id=1021991

Solution :

Update the affected MozillaThunderbird packages.

Risk factor :

Medium

Family: SuSE Local Security Checks

Nessus Plugin ID: 96941

Bugtraq ID:

CVE ID: CVE-2017-5373
CVE-2017-5375
CVE-2017-5376
CVE-2017-5378
CVE-2017-5380
CVE-2017-5383
CVE-2017-5390
CVE-2017-5396
