SUSE SLED15: MozillaThunderbird / MozillaThunderbird-translations-common / etc (SUSE-SU-2023:3664-1)

high Nessus Plugin ID 181580

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3664-1 advisory.

Security fixes:

- Mozilla Thunderbird 115.2.2 (MFSA 2023-40, bsc#1215245)
- CVE-2023-4863: Fixed heap buffer overflow in libwebp (bmo#1852649).

- Mozilla Thunderbird 115.2 (MFSA 2023-38, bsc#1214606)
- CVE-2023-4573: Memory corruption in IPC CanvasTranslator (bmo#1846687)
- CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback (bmo#1846688)
- CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback (bmo#1846689)
- CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation (bmo#1846694)
- CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics (bmo#1847397)
- CVE-2023-4051: Full screen notification obscured by file open dialog (bmo#1821884)
- CVE-2023-4578: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception (bmo#1839007)
- CVE-2023-4053: Full screen notification obscured by external program (bmo#1839079)
- CVE-2023-4580: Push notifications saved to disk unencrypted (bmo#1843046)
- CVE-2023-4581: XLL file extensions were downloadable without warnings (bmo#1843758)
- CVE-2023-4582: Buffer Overflow in WebGL glGetProgramiv (bmo#1773874)
- CVE-2023-4583: Browsing Context potentially not cleared when closing Private Window (bmo#1842030)
- CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (bmo#1843968, bmo#1845205, bmo#1846080, bmo#1846526, bmo#1847529)
- CVE-2023-4585: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 (bmo#1751583, bmo#1833504, bmo#1841082, bmo#1847904, bmo#1848999)

Other fixes:

Mozilla Thunderbird 115.2.1
* new: Column separators are now shown between all columns in tree view (bmo#1847441)
* fixed: Crash reporter did not work in Thunderbird Flatpak (bmo#1843102)
* fixed: New mail notification always opened message in message pane, even if pane was disabled (bmo#1840092)
* fixed: After moving an IMAP message to another folder, the incorrect message was selected in the message list (bmo#1845376)
* fixed: Adding a tag to an IMAP message opened in a tab failed (bmo#1844452)
* fixed: Junk/Spam folders were not always shown in Unified Folders mode (bmo#1838672)
* fixed: Middle-clicking a folder or message did not open it in a background tab, as in previous versions (bmo#1842482)
* fixed: Settings tab visual improvements: Advanced Fonts dialog, Section headers hidden behind search box (bmo#1717382,bmo#1846751)
* fixed: Various visual and style fixes (bmo#1843707,bmo#1849823)

Mozilla Thunderbird 115.2
* new: Thunderbird MSIX packages are now published on archive.mozilla.org (bmo#1817657)
* changed: Size, Unread, and Total columns are now right- aligned (bmo#1848604)
* changed: Newsgroup names in message list header are now abbreviated (bmo#1833298)
* fixed: Message compose window did not apply theme colors to menus (bmo#1845699)
* fixed: Reading the second new message in a folder cleared the unread indicator of all other new messages (bmo#1839805)
* fixed: Displayed counts of unread or flagged messages could become out-of-sync (bmo#1846860)
* fixed: Deleting a message from the context menu with messages sorted in chronological order and smooth scroll enabled caused message list to scroll to top (bmo#1843462)
* fixed: Repeatedly switching accounts in Subscribe dialog caused tree view to stop updating (bmo#1845593)
* fixed: 'Ignore thread' caused message cards to display incorrectly in message list (bmo#1847966)
* fixed: Creating tags from unified toolbar failed (bmo#1846336)
* fixed: Cross-folder navigation using F and N did not work (bmo#1845011)
* fixed: Account Manager did not resize to fit content, causing 'Close' button to become hidden outside bounds of dialog when too many accounts were listed (bmo#1847555)
* fixed: Remote content exceptions could not be added in Settings (bmo#1847576)
* fixed: Newsgroup list file did not get updated after adding a new NNTP server (bmo#1845464)
* fixed: 'Download all headers' option in NNTP 'Download Headers' dialog was incorrectly selected by default (bmo#1845457)
* fixed: 'Convert to event/task' was missing from mail context menu (bmo#1817705)
* fixed: Events and tasks were not shown in some cases despite being present on remote server (bmo#1827100)
* fixed: Various visual and UX improvements (bmo#1844244,bmo#1845645)

- Mozilla Thunderbird 115.1.1
* fixed: Some HTML emails printed headers on first page and message on subsequent pages (bmo#1843628)
* fixed: Deleting messages from message list sometimes scrolled list to bottom, selecting bottommost message (bmo#1835173)
* fixed: Width of icon columns (like Junk or Starred) in message list did not adjust when UI density was changed (bmo#1843014)
* fixed: Old OpenPGP secret keys could not be used to decrypt messages under certain circumstances (bmo#1835786)
* fixed: When multiple folder modes were active, tab focus navigated through all folder mode options before reaching message list (bmo#1842060)
* fixed: Unread message count badge was not displayed on parent folders of subfolder containing unread messages (bmo#1844534)
* fixed: 'Undo archive' (via Ctrl-Z) did not un-archive previously archived messages (bmo#1829340)
* fixed: 'New' button dropdown menu in 'Message Filters' dialog could not be opened via keyboard navigation (bmo#1843511)
* fixed: 'Show New Mail Alert for' input field in 'Customize New Mail Alert' dialog had zero width when using certain language packs (bmo#1845832)
* fixed: 'Account Wizard' dialog was too narrow when adding a news server, partially hiding confirmation buttons (bmo#1846588)
* fixed: Link Properties and Image Properties dialogs in the composer were too wide (bmo#1816850)
* fixed: Thunderbird version number and details in 'About' dialog were not automatically read by screen readers when first opening dialog (bmo#1847078)
* fixed: Flatpak improvements and bug fixes (bmo#1825399,bmo#1843094,bmo#1843097)
* fixed: Various visual and UX improvements (bmo#1846262)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected MozillaThunderbird, MozillaThunderbird-translations-common and / or MozillaThunderbird-translations- other packages.

See Also

https://bugzilla.suse.com/1214606

https://bugzilla.suse.com/1215231

https://bugzilla.suse.com/1215245

https://www.suse.com/security/cve/CVE-2023-4051

https://www.suse.com/security/cve/CVE-2023-4053

https://www.suse.com/security/cve/CVE-2023-4573

https://www.suse.com/security/cve/CVE-2023-4574

https://www.suse.com/security/cve/CVE-2023-4575

https://www.suse.com/security/cve/CVE-2023-4576

https://www.suse.com/security/cve/CVE-2023-4577

https://www.suse.com/security/cve/CVE-2023-4578

https://www.suse.com/security/cve/CVE-2023-4580

https://www.suse.com/security/cve/CVE-2023-4581

https://www.suse.com/security/cve/CVE-2023-4582

https://www.suse.com/security/cve/CVE-2023-4583

https://www.suse.com/security/cve/CVE-2023-4584

https://www.suse.com/security/cve/CVE-2023-4585

https://www.suse.com/security/cve/CVE-2023-4863

http://www.nessus.org/u?97bcbc5f

Plugin Details

Severity: High

ID: 181580

File Name: suse_SU-2023-3664-1.nasl

Version: 1.4

Type: Local

Agent: unix

Published: 9/19/2023

Updated: 6/26/2026

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

Percentile: 99.86

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-4863

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:mozillathunderbird, p-cpe:/a:novell:suse_linux:mozillathunderbird-translations-common, p-cpe:/a:novell:suse_linux:mozillathunderbird-translations-other

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/18/2023

Vulnerability Publication Date: 8/1/2023

CISA Known Exploited Vulnerability Due Dates: 10/4/2023

Reference Information

CVE: CVE-2023-4051, CVE-2023-4053, CVE-2023-4573, CVE-2023-4574, CVE-2023-4575, CVE-2023-4576, CVE-2023-4577, CVE-2023-4578, CVE-2023-4580, CVE-2023-4581, CVE-2023-4582, CVE-2023-4583, CVE-2023-4584, CVE-2023-4585, CVE-2023-4863

SuSE: SUSE-SU-2023:3664-1