openSUSE Security Update : MozillaThunderbird / seamonkey (openSUSE-SU-2014:0584-1)

High Nessus Plugin ID 75333

Synopsis

The remote openSUSE host is missing a security update.

Description

Mozilla Thunderbird was updated to 24.4.0. Mozilla SeaMonkey was updated to 2.25.

- MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous memory safety hazards

- MFSA 2014-17/CVE-2014-1497 (bmo#966311) Out of bounds read during WAV file decoding

- MFSA 2014-18/CVE-2014-1498 (bmo#935618) crypto.generateCRMFRequest does not validate type of key

- MFSA 2014-19/CVE-2014-1499 (bmo#961512) Spoofing attack on WebRTC permission prompt

- MFSA 2014-20/CVE-2014-1500 (bmo#956524) onbeforeunload and JavaScript navigation DOS

- MFSA 2014-22/CVE-2014-1502 (bmo#972622) WebGL content injection from one domain to rendering in another

- MFSA 2014-23/CVE-2014-1504 (bmo#911547) Content Security Policy for data: documents not preserved by session restore

- MFSA 2014-26/CVE-2014-1508 (bmo#963198) Information disclosure through polygon rendering in MathML

- MFSA 2014-27/CVE-2014-1509 (bmo#966021) Memory corruption in Cairo during PDF font rendering

- MFSA 2014-28/CVE-2014-1505 (bmo#941887) SVG filters information disclosure through feDisplacementMap

- MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909) Privilege escalation using WebIDL-implemented APIs

- MFSA 2014-30/CVE-2014-1512 (bmo#982957) Use-after-free in TypeObject

- MFSA 2014-31/CVE-2014-1513 (bmo#982974) Out-of-bounds read/write through neutering ArrayBuffer objects

- MFSA 2014-32/CVE-2014-1514 (bmo#983344) Out-of-bounds write through TypedArrayObject after neutering

Solution

Update the affected MozillaThunderbird / seamonkey packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=868603

https://lists.opensuse.org/opensuse-updates/2014-04/msg00064.html

Plugin Details

Severity: High

ID: 75333

File Name: openSUSE-2014-321.nasl

Version: 1.5

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2018/11/10

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:MozillaThunderbird, p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols, p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo, p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource, p-cpe:/a:novell:opensuse:MozillaThunderbird-devel, p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common, p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other, p-cpe:/a:novell:opensuse:enigmail, p-cpe:/a:novell:opensuse:enigmail-debuginfo, p-cpe:/a:novell:opensuse:seamonkey, p-cpe:/a:novell:opensuse:seamonkey-debuginfo, p-cpe:/a:novell:opensuse:seamonkey-debugsource, p-cpe:/a:novell:opensuse:seamonkey-dom-inspector, p-cpe:/a:novell:opensuse:seamonkey-irc, p-cpe:/a:novell:opensuse:seamonkey-translations-common, p-cpe:/a:novell:opensuse:seamonkey-translations-other, p-cpe:/a:novell:opensuse:seamonkey-venkman, cpe:/o:novell:opensuse:12.3, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/04/22

Exploitable With

Metasploit (Firefox WebIDL Privileged Javascript Injection)

Reference Information

CVE: CVE-2014-1493, CVE-2014-1494, CVE-2014-1497, CVE-2014-1498, CVE-2014-1499, CVE-2014-1500, CVE-2014-1502, CVE-2014-1504, CVE-2014-1505, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514

BID: 66203, 66206, 66207, 66209, 66240, 66412, 66417, 66418, 66419, 66421, 66422, 66423, 66425, 66426, 66428, 66429