openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2010:0430-2)

high Nessus Plugin ID 47868

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update brings Mozilla Thunderbird to the 3.0.6 security release.

It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211:
Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products.
Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert reported memory safety problems that affected Firefox 3.6 and Firefox 3.5.

MFSA 2010-39 / CVE-2010-2752: Security researcher J23 reported via TippingPoint's Zero Day Initiative that an array class used to store CSS values contained an integer overflow vulnerability. The 16 bit integer value used in allocating the size of the array could overflow, resulting in too small a memory buffer being created. When the array was later populated with CSS values data would be written past the end of the buffer potentially resulting in the execution of attacker-controlled memory.

MFSA 2010-40 / CVE-2010-2753: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an integer overflow vulnerability in the implementation of the XUL <tree> element's selection attribute. When the size of a new selection is sufficiently large the integer used in calculating the length of the selection can overflow, resulting in a bogus range being marked selected. When adjustSelection is then called on the bogus range the range is deleted leaving dangling references to the ranges which could be used by an attacker to call into deleted memory and run arbitrary code on a victim's computer.

MFSA 2010-41 / CVE-2010-1205: OUSPG researcher Aki Helin reported a buffer overflow in Mozilla graphics code which consumes image data processed by libpng. A malformed PNG file could be created which would cause libpng to incorrectly report the size of the image to downstream consumers. When the dimensions of such images are underreported, the Mozilla code responsible for displaying the graphic will allocate too small a memory buffer to contain the image data and will wind up writing data past the end of the buffer. This could result in the execution of attacker-controlled memory.

MFSA 2011-42 / CVE-2010-1213: Security researcher Yosuke Hasegawa reported that the Web Worker method importScripts can read and parse resources from other domains even when the content is not valid JavaScript. This is a violation of the same-origin policy and could be used by an attacker to steal information from other sites.

MFSA 2010-46 / CVE-2010-0654: Google security researcher Chris Evans reported that data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. If an attacker can inject opening and closing portions of a CSS selector into points A and B of a target page, then the region between the two injection points becomes readable to JavaScript through, for example, the getComputedStyle() API.

MFSA 2010-47 / CVE-2010-2754: Security researcher Soroush Dalili reported that potentially sensitive URL parameters could be leaked across domains upon script errors when the script filename and line number is included in the error message.

Solution

Update the affected MozillaThunderbird packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=622506

https://lists.opensuse.org/opensuse-updates/2010-07/msg00049.html

https://lists.opensuse.org/opensuse-updates/2010-08/msg00048.html

Plugin Details

Severity: High

ID: 47868

File Name: suse_11_2_MozillaThunderbird-100721.nasl

Version: 1.11

Type: local

Agent: unix

Published: 7/28/2010

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:novell:opensuse:11.2, p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other, p-cpe:/a:novell:opensuse:mozillathunderbird, p-cpe:/a:novell:opensuse:enigmail, p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common, p-cpe:/a:novell:opensuse:mozillathunderbird-devel

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 7/21/2010

Reference Information

CVE: CVE-2010-0654, CVE-2010-1205, CVE-2010-1211, CVE-2010-1213, CVE-2010-2752, CVE-2010-2753, CVE-2010-2754

CWE: 94