openSUSE Security Update : MozillaThunderbird (openSUSE-2021-644)

high Nessus Plugin ID 149577

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for MozillaThunderbird fixes the following issues :

- Firefox was updated to 78.10.0 ESR (bsc#1184960)

- CVE-2021-23994: Out of bound write due to lazy initialization

- CVE-2021-23995: Use-after-free in Responsive Design Mode

- CVE-2021-23998: Secure Lock icon could have been spoofed

- CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage

- CVE-2021-23999: Blob URLs may have been granted additional privileges

- CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL

- CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads

- CVE-2021-29946: Port blocking could be bypassed	

- CVE-2021-29948: Race condition when reading from disk while verifying signatures

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Solution

Update the affected MozillaThunderbird packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1184960

Plugin Details

Severity: High

ID: 149577

File Name: openSUSE-2021-644.nasl

Version: 1.4

Type: local

Agent: unix

Published: 5/18/2021

Updated: 1/1/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-29946

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other, p-cpe:/a:novell:opensuse:mozillathunderbird, cpe:/o:novell:opensuse:15.2, p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common, p-cpe:/a:novell:opensuse:mozillathunderbird-debugsource, p-cpe:/a:novell:opensuse:mozillathunderbird-debuginfo

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/1/2021

Vulnerability Publication Date: 2/26/2021

Reference Information

CVE: CVE-2021-23961, CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946, CVE-2021-29948