Test ID:	1.3.6.1.4.1.25623.1.0.851258
Category:	SuSE Local Security Checks
Title:	openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2016:0876-1)
Summary:	The remote host is missing an update for the 'MozillaThunderbird'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'MozillaThunderbird' package(s) announced via the referenced advisory. Vulnerability Insight: MozillaThunderbird was updated to 38.7.0 to fix the following issues: * Update to Thunderbird 38.7.0 (boo#969894) * MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream playback * MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin policy violation using performance.getEntries and history navigation * MFSA 2016-16/CVE-2016-1952 Miscellaneous memory safety hazards * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be overridden * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody * MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using multiple WebRTC data channels * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations * MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though history navigation and Location protocol property * MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with malicious NPAPI plugin * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML parser following a failed allocation * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library Affected Software/OS: MozillaThunderbird on openSUSE Leap 42.1, openSUSE 13.2 Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-4477 https://security.gentoo.org/glsa/201605-06 http://www.securitytracker.com/id/1033247 SuSE Security Announcement: openSUSE-SU-2015:1389 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html SuSE Security Announcement: openSUSE-SU-2015:1390 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html SuSE Security Announcement: openSUSE-SU-2016:0876 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html SuSE Security Announcement: openSUSE-SU-2016:0894 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html http://www.ubuntu.com/usn/USN-2702-1 http://www.ubuntu.com/usn/USN-2702-2 http://www.ubuntu.com/usn/USN-2702-3 Common Vulnerability Exposure (CVE) ID: CVE-2015-7207 BugTraq ID: 79280 http://www.securityfocus.com/bid/79280 http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html https://security.gentoo.org/glsa/201512-10 https://github.com/w3c/resource-timing/issues/29 http://www.securitytracker.com/id/1034426 SuSE Security Announcement: openSUSE-SU-2015:2353 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html SuSE Security Announcement: openSUSE-SU-2016:0307 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html SuSE Security Announcement: openSUSE-SU-2016:0308 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html http://www.ubuntu.com/usn/USN-2833-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-1952 Debian Security Information: DSA-3510 (Google Search) http://www.debian.org/security/2016/dsa-3510 http://www.securitytracker.com/id/1035215 SuSE Security Announcement: SUSE-SU-2016:0727 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html SuSE Security Announcement: SUSE-SU-2016:0777 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html SuSE Security Announcement: SUSE-SU-2016:0820 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html SuSE Security Announcement: SUSE-SU-2016:0909 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html SuSE Security Announcement: openSUSE-SU-2016:0731 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html SuSE Security Announcement: openSUSE-SU-2016:0733 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html SuSE Security Announcement: openSUSE-SU-2016:1767 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html SuSE Security Announcement: openSUSE-SU-2016:1769 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html SuSE Security Announcement: openSUSE-SU-2016:1778 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html http://www.ubuntu.com/usn/USN-2917-1 http://www.ubuntu.com/usn/USN-2917-2 http://www.ubuntu.com/usn/USN-2917-3 http://www.ubuntu.com/usn/USN-2934-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-1954 Debian Security Information: DSA-3520 (Google Search) http://www.debian.org/security/2016/dsa-3520 Common Vulnerability Exposure (CVE) ID: CVE-2016-1957 Common Vulnerability Exposure (CVE) ID: CVE-2016-1958 Common Vulnerability Exposure (CVE) ID: CVE-2016-1960 https://www.exploit-db.com/exploits/42484/ https://www.exploit-db.com/exploits/44294/ http://zerodayinitiative.com/advisories/ZDI-16-198/ Common Vulnerability Exposure (CVE) ID: CVE-2016-1961 http://zerodayinitiative.com/advisories/ZDI-16-199/ Common Vulnerability Exposure (CVE) ID: CVE-2016-1962 Common Vulnerability Exposure (CVE) ID: CVE-2016-1964 Common Vulnerability Exposure (CVE) ID: CVE-2016-1965 Common Vulnerability Exposure (CVE) ID: CVE-2016-1966 Common Vulnerability Exposure (CVE) ID: CVE-2016-1974 Common Vulnerability Exposure (CVE) ID: CVE-2016-1977 BugTraq ID: 84222 http://www.securityfocus.com/bid/84222 Debian Security Information: DSA-3515 (Google Search) http://www.debian.org/security/2016/dsa-3515 https://security.gentoo.org/glsa/201701-63 http://www.ubuntu.com/usn/USN-2927-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-2790 Common Vulnerability Exposure (CVE) ID: CVE-2016-2791 Common Vulnerability Exposure (CVE) ID: CVE-2016-2792 Common Vulnerability Exposure (CVE) ID: CVE-2016-2793 Common Vulnerability Exposure (CVE) ID: CVE-2016-2794 Common Vulnerability Exposure (CVE) ID: CVE-2016-2795 Common Vulnerability Exposure (CVE) ID: CVE-2016-2796 Common Vulnerability Exposure (CVE) ID: CVE-2016-2797 Common Vulnerability Exposure (CVE) ID: CVE-2016-2798 Common Vulnerability Exposure (CVE) ID: CVE-2016-2799 Common Vulnerability Exposure (CVE) ID: CVE-2016-2800 Common Vulnerability Exposure (CVE) ID: CVE-2016-2801 Common Vulnerability Exposure (CVE) ID: CVE-2016-2802
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.