SuSE Update For MozillaThunderbird OpenSUSE-SU-2014:1098-1 (MozillaThunderbird) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

MozillaThunderbird was updated to Thunderbird 31.1.0 (bnc#894370), fixing security issues: * MFSA 2014-67/CVE-2014-1553/CVE-2014-1562 Miscellaneous memory safety hazards * MFSA 2014-68/CVE-2014-1563 (bmo#1018524) Use-after-free during DOM interactions with SVG * MFSA 2014-69/CVE-2014-1564 (bmo#1045977) Uninitialized memory use during GIF rendering * MFSA 2014-70/CVE-2014-1565 (bmo#1047831) Out-of-bounds read in Web Audio audio timeline * MFSA 2014-72/CVE-2014-1567 (bmo#1037641) Use-after-free setting text directionality - update to Thunderbird 31.0 * based on Gecko 31 * Autocompleting email addresses now matches against any part of the name or email * Composing a mail to a newsgroup will now autocomplete newsgroup names * Insecure NTLM (pre-NTLMv2) authentication disabled

Affected

MozillaThunderbird on openSUSE 13.1, openSUSE 12.3

References

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-1553, CVE-2014-1562, CVE-2014-1563, CVE-2014-1564, CVE-2014-1565, CVE-2014-1567
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

SuSE Update for MozillaThunderbird openSUSE-SU-2014:1098-1 (MozillaThunderbird)

Take action and discover your vulnerabilities