openSUSE Security Update : MozillaThunderbird (openSUSE-2015-559)
Critical Nessus Plugin ID 85703
Synopsis
The remote openSUSE host is missing a security update.
Description
This update to Thunderbird 38.2.0 fixes the following issues (bnc#940806) :
- MFSA 2015-79/CVE-2015-4473 Miscellaneous memory safety hazards
- MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file
- MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties
- MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues in libstagefright
- MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting through Mozilla Maintenance Service with hard links (only affected Windows)
- MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with Updater and malicious MAR file (does not affect openSUSE RPM packages which do not ship the updater)
- MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared memory in JavaScript
- MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf when scaling bitmap images
- MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) Buffer overflows on Libvpx when decoding WebM video
- MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection
- MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in XMLHttpRequest with shared workers
Solution
Update the affected MozillaThunderbird packages.