openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-2734)

high Nessus Plugin ID 27129

Synopsis

The remote openSUSE host is missing a security update.

Description

This update brings Mozilla Thunderbird to version 1.5.0.10. It contains stability fixes and some security fixes:

- MFSA 2007-01: As part of the Thunderbird 1.5.0.10 update release, several bugs were fixed to improve the stability of the browser. Some of these were crashes that showed evidence of memory corruption, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. These fixes affected the layout engine (CVE-2007-0775), SVG renderer (CVE-2007-0776) and JavaScript engine (CVE-2007-0777).

- MFSA 2007-06: CVE-2007-0008: SSL clients such as Firefox and Thunderbird can suffer a buffer overflow if a malicious server presents a certificate with a public key that is too small to encrypt the entire 'Master Secret'. Exploiting this overflow appears to be unreliable but possible if the SSLv2 protocol is enabled.

Solution

Update the affected MozillaThunderbird packages.

Plugin Details

Severity: High

ID: 27129

File Name: suse_MozillaThunderbird-2734.nasl

Version: 1.16

Type: local

Agent: unix

Published: 10/17/2007

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:mozillathunderbird, p-cpe:/a:novell:opensuse:mozillathunderbird-translations, cpe:/o:novell:opensuse:10.1, cpe:/o:novell:opensuse:10.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 3/9/2007

Reference Information

CVE: CVE-2007-0008, CVE-2007-0775, CVE-2007-0776, CVE-2007-0777

CWE: 119, 189