openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-192)

high Nessus Plugin ID 39892

Synopsis

The remote openSUSE host is missing a security update.

Description

Mozilla Thunderbird was updated to 2.0.0.16.

MFSA 2008-34 / CVE-2008-2785: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla CSS reference counting code. The vulnerability was caused by an insufficiently sized variable being used as a reference counter for CSS objects. By creating a very large number of references to a common CSS object, this counter could be overflowed which could cause a crash when the browser attempts to free the CSS object while still in use. An attacker could use this crash to run arbitrary code on the victim's computer

Solution

Update the affected MozillaThunderbird packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=407573

Plugin Details

Severity: High

ID: 39892

File Name: suse_11_0_MozillaThunderbird-080912.nasl

Version: 1.11

Type: local

Agent: unix

Published: 7/21/2009

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:mozillathunderbird-translations, p-cpe:/a:novell:opensuse:mozillathunderbird, p-cpe:/a:novell:opensuse:mozillathunderbird-devel, cpe:/o:novell:opensuse:11.0

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 9/12/2008

Reference Information

CVE: CVE-2008-2785

CWE: 189