Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.851626 |
Category: | SuSE Local Security Checks |
Title: | openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2017:2710-1) |
Summary: | The remote host is missing an update for the 'MozillaThunderbird'; package(s) announced via the referenced advisory. |
Description: | Summary: The remote host is missing an update for the 'MozillaThunderbird' package(s) announced via the referenced advisory. Vulnerability Insight: Mozilla Thunderbird was updated to 52.4.0 (boo#1060445) * new behavior was introduced for replies to mailing list posts:'When replying to a mailing list, reply will be sent to address in From header ignoring Reply-to header'. A new preference mail.override_list_reply_to allows to restore the previous behavior. * Under certain circumstances (image attachment and non-image attachment), attached images were shown truncated in messages stored in IMAP folders not synchronised for offline use. * IMAP UIDs 0x7FFFFFFF now handled properly Security fixes from Gecko 52.4esr * CVE-2017-7793 (bmo#1371889) Use-after-free with Fetch API * CVE-2017-7818 (bmo#1363723) Use-after-free during ARIA array manipulation * CVE-2017-7819 (bmo#1380292) Use-after-free while resizing images in design mode * CVE-2017-7824 (bmo#1398381) Buffer overflow when drawing and validating elements with ANGLE * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement) Use-after-free in TLS 1.2 generating handshake hashes * CVE-2017-7814 (bmo#1376036) Blob and data URLs bypass phishing and malware protection warnings * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only) OS X fonts render some Tibetan and Arabic unicode characters as spaces * CVE-2017-7823 (bmo#1396320) CSP sandbox directive did not create a unique origin * CVE-2017-7810 Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 - Add alsa-devel BuildRequires: we care for ALSA support to be built and thus need to ensure we get the dependencies in place. In the past, alsa-devel was pulled in by accident: we buildrequire libgnome-devel. This required esound-devel and that in turn pulled in alsa-devel for us. libgnome is being fixed to no longer require esound-devel. Affected Software/OS: MozillaThunderbird on openSUSE Leap 42.3, openSUSE Leap 42.2 Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-7793 BugTraq ID: 101055 http://www.securityfocus.com/bid/101055 Debian Security Information: DSA-3987 (Google Search) https://www.debian.org/security/2017/dsa-3987 Debian Security Information: DSA-4014 (Google Search) https://www.debian.org/security/2017/dsa-4014 https://security.gentoo.org/glsa/201803-14 https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html RedHat Security Advisories: RHSA-2017:2831 https://access.redhat.com/errata/RHSA-2017:2831 RedHat Security Advisories: RHSA-2017:2885 https://access.redhat.com/errata/RHSA-2017:2885 http://www.securitytracker.com/id/1039465 Common Vulnerability Exposure (CVE) ID: CVE-2017-7805 BugTraq ID: 101059 http://www.securityfocus.com/bid/101059 Debian Security Information: DSA-3998 (Google Search) https://www.debian.org/security/2017/dsa-3998 RedHat Security Advisories: RHSA-2017:2832 https://access.redhat.com/errata/RHSA-2017:2832 Common Vulnerability Exposure (CVE) ID: CVE-2017-7810 BugTraq ID: 101054 http://www.securityfocus.com/bid/101054 https://usn.ubuntu.com/3688-1/ Common Vulnerability Exposure (CVE) ID: CVE-2017-7814 Common Vulnerability Exposure (CVE) ID: CVE-2017-7818 Common Vulnerability Exposure (CVE) ID: CVE-2017-7819 Common Vulnerability Exposure (CVE) ID: CVE-2017-7823 Common Vulnerability Exposure (CVE) ID: CVE-2017-7824 BugTraq ID: 101053 http://www.securityfocus.com/bid/101053 Common Vulnerability Exposure (CVE) ID: CVE-2017-7825 |
Copyright | Copyright (C) 2017 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |