SUSE SLED15: MozillaThunderbird / MozillaThunderbird-translations-common / etc (SUSE-SU-2024:0242-1)

high Nessus Plugin ID 189712

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0242-1 advisory.

Update to Mozilla Thunderbird 115.7 (MFSA 2024-04) (bsc#1218955):

- CVE-2024-0741: Out of bounds write in ANGLE
- CVE-2024-0742: Failure to update user input timestamp
- CVE-2024-0746: Crash when listing printers on Linux
- CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline was set
- CVE-2024-0749: Phishing site popup could show local origin in address bar
- CVE-2024-0750: Potential permissions request bypass via clickjacking
- CVE-2024-0751: Privilege escalation through devtools
- CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain
- CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7

Other fixes:

* new: Autocrypt Gossip key distribution added (bmo#1853674)
* fixed: When starting Thunderbird, unread message count did not appear on collapsed accounts (bmo#1862774)
* fixed: Blank window was sometimes displayed when starting Thunderbird (bmo#1870817)
* fixed: Thunderbird '--chrome' flag incorrectly opened extra messenger.xhtml (bmo#1866915)
* fixed: Add-ons did not start correctly when opening Thunderbird from other programs (bmo#1800423)
* fixed: Drag-and-drop installation of add-ons did not work if Add-ons Manager was opened from Unified Toolbar (bmo#1862978)
* fixed: Double-clicking empty space in message pane incorrectly opened the currently selected message (bmo#1867407)
* fixed: Canceling SMTP send before progress reached 100% did not stop message from sending (bmo#1816540)
* fixed: PDF attachments open in a separate tab did not always restore correctly after restarting Thunderbird (bmo#1846054)
* fixed: Some OpenPGP dialogs were too small for their contents (bmo#1870809)
* fixed: Account Manager did not work with hostnames entered as punycode (bmo#1870720,bmo#1872632)
* fixed: Downloading complete message from POP3 headers caused message tab/window to close when 'Close message window/tab on move or delete' was enabled (bmo#1861886)
* fixed: Some ECC GPG keys could not be exported (bmo#1867765)
* fixed: Contacts deleted from mailing list view still visible in Details view (bmo#1799362)
* fixed: After selecting contacts in Address Book and starting a new search, the search results list did not update (bmo#1812726)
* fixed: Various UX and visual improvements (bmo#1866061,bmo#1867169,bmo#1867728,bmo#1868079,bmo#1869519,bmo#1832149,bmo#1856495,bmo#1861210,bmo#1861286,bmo#1863296,bmo#1864979)
* fixed: Security fixes

- Mozilla Thunderbird 115.6.1
* new: OAuth2 now supported for comcast.net (bmo#1844810)
* fixed: High CPU usage sometimes occurred with IMAP CONDSTORE (conditional STORE) enabled (bmo#1839256)
* fixed: Replying to a collapsed thread via keyboard shortcut (Ctrl+R/Cmd+R) opened a reply for every message in the thread (bmo#1866819)
* fixed: Enabling Grouped By view after reversing sort order of column header caused messages to be grouped incorrectly (bmo#1868794)
* fixed: Opening thread pane context menu via keyboard did not always scroll view to selection (bmo#1867532)
* fixed: New mail indicator for POP3 accounts did not indicate new messages ready to be downloaded (bmo#1870619)
* fixed: Messages could not be moved to folders using Message > Move To if text or a link in the message had been clicked on first (bmo#1868474)
* fixed: MIME part boundaries were not properly terminated (bmo#1805558)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected MozillaThunderbird, MozillaThunderbird-translations-common and / or MozillaThunderbird-translations-other packages.

See Also

https://bugzilla.suse.com/1218955

https://www.suse.com/security/cve/CVE-2024-0741

https://www.suse.com/security/cve/CVE-2024-0742

https://www.suse.com/security/cve/CVE-2024-0746

https://www.suse.com/security/cve/CVE-2024-0747

https://www.suse.com/security/cve/CVE-2024-0749

https://www.suse.com/security/cve/CVE-2024-0750

https://www.suse.com/security/cve/CVE-2024-0751

https://www.suse.com/security/cve/CVE-2024-0753

https://www.suse.com/security/cve/CVE-2024-0755

http://www.nessus.org/u?24057a75

Plugin Details

Severity: High

ID: 189712

File Name: suse_SU-2024-0242-1.nasl

Version: 1.2

Type: Local

Agent: unix

Published: 1/27/2024

Updated: 6/25/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-0755

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:mozillathunderbird, p-cpe:/a:novell:suse_linux:mozillathunderbird-translations-common, p-cpe:/a:novell:suse_linux:mozillathunderbird-translations-other

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 1/26/2024

Vulnerability Publication Date: 1/23/2024

Reference Information

CVE: CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755

SuSE: SUSE-SU-2024:0242-1