 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.856574 |
| Category: | openSUSE Local Security Checks |
| Title: | openSUSE Security Advisory (SUSE-SU-2024:3629-1) |
| Summary: | The remote host is missing an update for the 'MozillaThunderbird' package(s) announced via the SUSE-SU-2024:3629-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'MozillaThunderbird' package(s) announced via the SUSE-SU-2024:3629-1 advisory. Vulnerability Insight: This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.3.1 (MFSA 2024-51, bsc#1231413): - CVE-2024-9680: Use-after-free in Animation timeline Update to Mozilla Thunderbird 128.3 (MFSA 2024-49, bsc#1230979): - CVE-2024-9392: Compromised content process can bypass site isolation - CVE-2024-9393: Cross-origin access to PDF contents through multipart responses - CVE-2024-9394: Cross-origin access to JSON contents through multipart responses - CVE-2024-8900: Clipboard write permission bypass - CVE-2024-9396: Potential memory corruption may occur when cloning certain objects - CVE-2024-9397: Potential directory upload bypass via clickjacking - CVE-2024-9398: External protocol handlers could be enumerated via popups - CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of service - CVE-2024-9400: Potential memory corruption during JIT compilation - CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 - CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 Other fixes: - fixed: Opening an EML file with a 'mailto:' link did not work - fixed: Collapsed POP3 account folder was expanded after emptying trash on exit - fixed: 'Mark Folder Read' on a cross-folder search marked all underlying folders read - fixed: Unable to open/view attached OpenPGP encrypted messages - fixed: Unable to 'Decrypt and Open' an attached OpenPGP key file - fixed: Subject could disappear when replying to a message saved in an EML file - fixed: OAuth2 authentication method was not available when adding SMTP server - fixed: Unable to subscribe to .ics calendars in some situations - fixed: Visual and UX improvements Affected Software/OS: 'MozillaThunderbird' package(s) on openSUSE Leap 15.5, openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2024-8900 Common Vulnerability Exposure (CVE) ID: CVE-2024-9392 Common Vulnerability Exposure (CVE) ID: CVE-2024-9393 Common Vulnerability Exposure (CVE) ID: CVE-2024-9394 Common Vulnerability Exposure (CVE) ID: CVE-2024-9396 Common Vulnerability Exposure (CVE) ID: CVE-2024-9397 Common Vulnerability Exposure (CVE) ID: CVE-2024-9398 Common Vulnerability Exposure (CVE) ID: CVE-2024-9399 Common Vulnerability Exposure (CVE) ID: CVE-2024-9400 Common Vulnerability Exposure (CVE) ID: CVE-2024-9401 Common Vulnerability Exposure (CVE) ID: CVE-2024-9402 Common Vulnerability Exposure (CVE) ID: CVE-2024-9680 |
| Copyright | Copyright (C) 2024 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |