openSUSE Security Update : Mozilla Thunderbird (openSUSE-2015-885)

critical Nessus Plugin ID 87441

Synopsis

The remote openSUSE host is missing a security update.

Description

The MozillaThunderbird package was updated to version 38.4.0 to fix several security and non-security issues:

Changes in MozillaThunderbird:

- update to Thunderbird 38.4.0 (bnc#952810)

- MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 Miscellaneous memory safety hazards

- MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing whitespace in IP address hostnames can bypass same-origin policy

- MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer overflow during image interactions in canvas

- MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight is bypassed when non-standard Content-Type headers are received

- MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory corruption in libjar through zip files

- MFSA 2015-130/CVE-2015-7196 (bmo#1140616) JavaScript garbage collection crash with Java applet

- MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 (bmo#1188010, bmo#1204061, bmo#1204155) Vulnerabilities found through code inspection

- MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content WebSocket policy bypass through workers

- MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 (bmo#1202868, bmo#1205157) NSS and NSPR memory corruption issues (fixed in mozilla-nspr and mozilla-nss packages)

- requires NSPR 4.10.10 and NSS 3.19.2.1

- added explicit appdata provides (bnc#952325)

- fix build on aarch64 by reusing the crashreporter conditional from MozillaFirefox

- fix libjpeg-turbo configuration

Solution

Update the affected Mozilla Thunderbird packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=952325

https://bugzilla.opensuse.org/show_bug.cgi?id=952810

Plugin Details

Severity: Critical

ID: 87441

File Name: openSUSE-2015-885.nasl

Version: 2.8

Type: local

Agent: unix

Published: 12/17/2015

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/o:novell:opensuse:13.2, p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other, p-cpe:/a:novell:opensuse:mozillathunderbird, p-cpe:/a:novell:opensuse:mozillathunderbird-buildsymbols, p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common, cpe:/o:novell:opensuse:13.1, p-cpe:/a:novell:opensuse:mozillathunderbird-debugsource, p-cpe:/a:novell:opensuse:mozillathunderbird-devel, p-cpe:/a:novell:opensuse:mozillathunderbird-debuginfo

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 12/10/2015

Reference Information

CVE: CVE-2015-4513, CVE-2015-4514, CVE-2015-7181, CVE-2015-7182, CVE-2015-7183, CVE-2015-7188, CVE-2015-7189, CVE-2015-7193, CVE-2015-7194, CVE-2015-7196, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200