openSUSE Security Update : Mozilla Thunderbird (openSUSE-2015-977)
Critical Nessus Plugin ID 87716
SynopsisThe remote openSUSE host is missing a security update.
DescriptionMozilla Thunderbird was updated to 38.5.0 to fix multiple security issues.
The following vulnerabilities were fixed: (boo#959277)
- CVE-2015-7201: Miscellaneous memory safety hazards
- CVE-2015-7210: Use-after-free in WebRTC when datachannel is used after being destroyed
- CVE-2015-7212: Integer overflow allocating extremely large textures
- CVE-2015-7205: Underflow through code inspection
- CVE-2015-7213: Integer overflow in MP4 playback in 64-bit versions
- CVE-2015-7222: Integer underflow and buffer overflow processing MP4 metadata in libstagefright
- CVE-2015-7214: Cross-site reading attack through data and view-source URIs
SolutionUpdate the affected Mozilla Thunderbird packages.