openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5680)

High Nessus Plugin ID 34428


The remote openSUSE host is missing a security update.


This patch backports security fixes found in MozillaThunderbird back to the 1.5 Thunderbird used in openSUSE 10.2.

MFSA 2008-34 / CVE-2008-2785: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla CSS reference counting code. The vulnerability was caused by an insufficiently sized variable being used as a reference counter for CSS objects. By creating a very large number of references to a common CSS object, this counter could be overflowed which could cause a crash when the browser attempts to free the CSS object while still in use. An attacker could use this crash to run arbitrary code on the victim's computer


Update the affected MozillaThunderbird packages.

Plugin Details

Severity: High

ID: 34428

File Name: suse_MozillaThunderbird-5680.nasl

Version: $Revision: 1.6 $

Type: local

Agent: unix

Published: 2008/10/16

Modified: 2014/06/13

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:MozillaThunderbird, p-cpe:/a:novell:opensuse:MozillaThunderbird-translations, cpe:/o:novell:opensuse:10.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2008/10/15

Reference Information

CVE: CVE-2008-2785

CWE: 189