SuSE Update For MozillaThunderbird OpenSUSE-SU-2014:0976-1 (MozillaThunderbird) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

MozillaThunderbird was updated to Thunderbird 24.7.0 (bnc#887746) * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards * MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free with FireOnStateChange event * MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable WebGL crash with Cesium JavaScript library * MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free while when manipulating certificates in the trusted cache (solved with NSS 3.16.2 requirement) * MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia library when scaling high quality images A standalone enigmail 1.7 package that was previously built as part of MozillaThunderbird was added.

Affected

MozillaThunderbird on openSUSE 13.1, openSUSE 12.3

References

http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00005.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-1544, CVE-2014-1547, CVE-2014-1548, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

SuSE Update for MozillaThunderbird openSUSE-SU-2014:0976-1 (MozillaThunderbird)

Take action and discover your vulnerabilities