openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-4070)
Critical Nessus Plugin ID 53774
SynopsisThe remote openSUSE host is missing a security update.
DescriptionMozillaThunderbird was updated to version 3.1.8, fixing various security issues.
Following security issues were fixed: MFSA 2011-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.
Igor Bukanov and Gary Kwong reported memory safety problems that affected Firefox 3.6 only. (CVE-2011-0062)
While there are no unsafe uses of this class in any released products, extension code could have potentially used it in an unsafe manner.
MFSA 2011-09 / CVE-2011-0061: Security researcher Jordi Chancel reported that a JPEG image could be constructed that would be decoded incorrectly, causing data to be written past the end of a buffer created to store the image. An attacker could potentially craft such an image that would cause malicious code to be stored in memory and then later executed on a victim's computer.
SolutionUpdate the affected MozillaThunderbird packages.