openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-4800)

critical Nessus Plugin ID 75965
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote openSUSE host is missing a security update.

Description

Mozilla Thunderbird was updated to the 3.1.11 release.

It has new features, fixes lots of bugs, and also fixes the following security issues: dbg114-MozillaThunderbird-4800 MozillaThunderbird-4800 new_updateinfo MFSA 2011-19/CVE-2011-2374 CVE-2011-2376 CVE-2011-2364 CVE-2011-2365 Miscellaneous memory safety hazards dbg114-MozillaThunderbird-4800 MozillaThunderbird-4800 new_updateinfo MFSA 2011-20/CVE-2011-2373 (bmo#617247) Use-after-free vulnerability when viewing XUL document with script disabled dbg114-MozillaThunderbird-4800 MozillaThunderbird-4800 new_updateinfo MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303) Memory corruption due to multipart/x-mixed-replace images dbg114-MozillaThunderbird-4800 MozillaThunderbird-4800 new_updateinfo MFSA 2011-22/CVE-2011-2371 (bmo#664009) Integer overflow and arbitrary code execution in Array.reduceRight() dbg114-MozillaThunderbird-4800 MozillaThunderbird-4800 new_updateinfo MFSA 2011-23/CVE-2011-0083 CVE-2011-0085 CVE-2011-2363 Multiple dangling pointer vulnerabilities dbg114-MozillaThunderbird-4800 MozillaThunderbird-4800 new_updateinfo MFSA 2011-24/CVE-2011-2362 (bmo#616264) Cookie isolation error

Solution

Update the affected MozillaThunderbird packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=701296

Plugin Details

Severity: Critical

ID: 75965

File Name: suse_11_4_MozillaThunderbird-110628.nasl

Version: 1.4

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/14/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:MozillaThunderbird, p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols, p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo, p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource, p-cpe:/a:novell:opensuse:MozillaThunderbird-devel, p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo, p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common, p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other, p-cpe:/a:novell:opensuse:enigmail, p-cpe:/a:novell:opensuse:enigmail-debuginfo, cpe:/o:novell:opensuse:11.4

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/28/2011

Exploitable With

CANVAS (CANVAS)

Metasploit (Mozilla Firefox Array.reduceRight() Integer Overflow)

Reference Information

CVE: CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2364, CVE-2011-2365, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2376, CVE-2011-2377