openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5680)

high Nessus Plugin ID 34428

Synopsis

The remote openSUSE host is missing a security update.

Description

This patch backports security fixes found in MozillaThunderbird 2.0.0.17 back to the 1.5 Thunderbird used in openSUSE 10.2.

MFSA 2008-34 / CVE-2008-2785: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla CSS reference counting code. The vulnerability was caused by an insufficiently sized variable being used as a reference counter for CSS objects. By creating a very large number of references to a common CSS object, this counter could be overflowed which could cause a crash when the browser attempts to free the CSS object while still in use. An attacker could use this crash to run arbitrary code on the victim's computer

Solution

Update the affected MozillaThunderbird packages.

Plugin Details

Severity: High

ID: 34428

File Name: suse_MozillaThunderbird-5680.nasl

Version: 1.11

Type: local

Agent: unix

Published: 10/16/2008

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:mozillathunderbird-translations, cpe:/o:novell:opensuse:10.2, p-cpe:/a:novell:opensuse:mozillathunderbird

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 10/15/2008

Reference Information

CVE: CVE-2008-2785

CWE: 189