Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2014-447.NASL
HistoryJul 02, 2014 - 12:00 a.m.

openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2014:0858-1)

2014-07-0200:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

MozillaThunderbird was updated to version 24.6.0 to fix six security issues :

  • Miscellaneous memory safety hazards (CVE-2014-1533/CVE-2014-1534)

  • Use-after-free and out of bounds issues found using Address Sanitizer (CVE-2014-1536/CVE-2014-1537/CVE-2014-1538)

  • Use-after-free with SMIL Animation Controller (CVE-2014-1541)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-447.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(76338);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2014-1533", "CVE-2014-1534", "CVE-2014-1536", "CVE-2014-1537", "CVE-2014-1538", "CVE-2014-1541", "CVE-2014-1545");

  script_name(english:"openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2014:0858-1)");
  script_summary(english:"Check for the openSUSE-2014-447 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"MozillaThunderbird was updated to version 24.6.0 to fix six security
issues :

  - Miscellaneous memory safety hazards
    (CVE-2014-1533/CVE-2014-1534)

  - Use-after-free and out of bounds issues found using
    Address Sanitizer
    (CVE-2014-1536/CVE-2014-1537/CVE-2014-1538)

  - Use-after-free with SMIL Animation Controller
    (CVE-2014-1541)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=881874"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected MozillaThunderbird packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.3|SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-24.6.0-61.51.3") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-buildsymbols-24.6.0-61.51.3") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-debuginfo-24.6.0-61.51.3") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-debugsource-24.6.0-61.51.3") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-devel-24.6.0-61.51.3") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-translations-common-24.6.0-61.51.3") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-translations-other-24.6.0-61.51.3") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"enigmail-1.6.0+24.6.0-61.51.3") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"enigmail-debuginfo-1.6.0+24.6.0-61.51.3") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-24.6.0-70.23.3") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-buildsymbols-24.6.0-70.23.3") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-debuginfo-24.6.0-70.23.3") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-debugsource-24.6.0-70.23.3") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-devel-24.6.0-70.23.3") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-translations-common-24.6.0-70.23.3") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-translations-other-24.6.0-70.23.3") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"enigmail-1.6.0+24.6.0-70.23.3") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"enigmail-debuginfo-1.6.0+24.6.0-70.23.3") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaThunderbird");
}
VendorProductVersionCPE
novellopensusemozillathunderbirdp-cpe:/a:novell:opensuse:mozillathunderbird
novellopensusemozillathunderbird-buildsymbolsp-cpe:/a:novell:opensuse:mozillathunderbird-buildsymbols
novellopensusemozillathunderbird-debuginfop-cpe:/a:novell:opensuse:mozillathunderbird-debuginfo
novellopensusemozillathunderbird-debugsourcep-cpe:/a:novell:opensuse:mozillathunderbird-debugsource
novellopensusemozillathunderbird-develp-cpe:/a:novell:opensuse:mozillathunderbird-devel
novellopensusemozillathunderbird-translations-commonp-cpe:/a:novell:opensuse:mozillathunderbird-translations-common
novellopensusemozillathunderbird-translations-otherp-cpe:/a:novell:opensuse:mozillathunderbird-translations-other
novellopensuseenigmailp-cpe:/a:novell:opensuse:enigmail
novellopensuseenigmail-debuginfop-cpe:/a:novell:opensuse:enigmail-debuginfo
novellopensuse12.3cpe:/o:novell:opensuse:12.3
Rows per page:
1-10 of 111

Related

openvas 38
nessus 43
suse 6
osv 4
debian 4
ubuntu 3
securityvulns 2
veracode 4
mageia 2
centos 4
freebsd 1
oraclelinux 4
mozilla 4
redhat 5
cve 7
amazon 1
prion 7
ubuntucve 7
debiancve 1
ibm 6
f5 2
gentoo 1
openvas
openvas
SUSE: Security Advisory for MozillaFirefox (SUSE-SU-2014:0824-1)
2015-10-13 00:00:00
openSUSE: Security Advisory for Mozilla (openSUSE-SU-2014:0797-1)
2014-06-17 00:00:00
SUSE: Security Advisory for MozillaFirefox (SUSE-SU-2014:0824-3)
2015-10-16 00:00:00
nessus
nessus
SuSE 11.3 Security Update : MozillaFirefox (SAT Patch Number 9370)
2014-06-23 00:00:00
Mozilla Thunderbird < 24.6 Multiple Vulnerabilities
2014-06-11 00:00:00
Thunderbird < 24.6 Multiple Vulnerabilities (Mac OS X)
2014-06-11 00:00:00
suse
suse
Mozilla updates 2014/06 (critical)
2014-06-16 08:04:13
Security update for MozillaFirefox (important)
2014-06-23 20:09:15
Security update for MozillaFirefox (important)
2014-06-21 01:04:47
osv
osv
iceweasel - security update
2014-06-11 00:00:00
icedove - security update
2014-06-16 00:00:00
nspr - security update
2014-08-07 00:00:00
debian
debian
[SECURITY] [DSA 2955-1] iceweasel security update
2014-06-11 14:33:41
[SECURITY] [DSA 2960-1] icedove security update
2014-06-16 17:13:24
[SECURITY] [DSA 2962-1] nspr security update
2014-06-17 19:31:15
ubuntu
ubuntu
Firefox vulnerabilities
2014-06-11 00:00:00
Thunderbird vulnerabilities
2014-06-19 00:00:00
NSPR vulnerability
2014-07-02 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2014-06-13 00:00:00
ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities
2015-02-02 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:58:34
Use-After-Free
2019-05-02 04:58:34
Remote Code Execution (RCE)
2019-01-15 08:53:46
mageia
mageia
Updated firefox & thunderbird packages fix multiple security vulnerabilities
2014-06-11 21:13:59
Updated iceape package fixes security vulnerabilities
2014-10-23 17:27:57
centos
centos
firefox security update
2014-06-11 10:49:01
thunderbird security update
2014-06-11 10:54:29
nss security update
2014-09-30 11:21:57
freebsd
freebsd
mozilla -- multiple vulnerabilities
2014-06-10 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2014-06-10 00:00:00
firefox security update
2014-06-10 00:00:00
nss and nspr security, bug fix, and enhancement update
2014-09-17 00:00:00
mozilla
mozilla
Use-after-free and out of bounds issues found using Address Sanitizer — Mozilla
2014-06-10 00:00:00
Miscellaneous memory safety hazards (rv:30.0 / rv:24.6) — Mozilla
2014-06-10 00:00:00
Out of bounds write in NSPR — Mozilla
2014-06-10 00:00:00
redhat
redhat
(RHSA-2014:0741) Critical: firefox security update
2014-06-10 00:00:00
(RHSA-2014:0742) Important: thunderbird security update
2014-06-10 00:00:00
(RHSA-2014:1246) Moderate: nss and nspr security, bug fix, and enhancement update
2014-09-16 00:00:00
cve
cve
CVE-2014-1545
2014-06-11 10:57:00
CVE-2014-1536
2014-06-11 10:57:00
CVE-2014-1534
2014-06-11 10:57:00
amazon
amazon
Critical: nspr
2014-07-23 14:07:00
prion
prion
Out-of-bounds
2014-06-11 10:57:00
Memory corruption
2014-06-11 10:57:00
Memory corruption
2014-06-11 10:57:00
ubuntucve
ubuntucve
CVE-2014-1536
2014-06-11 00:00:00
CVE-2014-1545
2014-06-11 00:00:00
CVE-2014-1534
2014-06-11 00:00:00
debiancve
debiancve
CVE-2014-1545
2014-06-11 10:57:00
ibm
ibm
Security Bulletin: Mozilla firefox vulnerability issues on IBM SONAS (CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532, CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)
2018-06-18 00:08:33
Security Bulletin: IBM Storwize V7000 Unified security vulnerabilities related to Mozilla Firefox (CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532, CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)
2018-06-18 00:08:28
Security Bulletin: Vulnerabilities in Network Security Services (NSS) and Netscape Portable Runtime (NSPR) affect IBM SAN Volume Controller and Storwize Family (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545)
2023-03-29 01:48:02
f5
f5
SOL16716 - Multiple Mozilla NSS vulnerabilities
2015-06-05 00:00:00
K16716 : Multiple Mozilla NSS vulnerabilities
2015-09-17 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
JSON
Related for OPENSUSE-2014-447.NASL
openvas38nessus43suse6osv4debian4ubuntu3securityvulns2veracode4mageia2centos4freebsd1oraclelinux4mozilla4redhat5cve7amazon1prion7ubuntucve7debiancve1ibm6f52gentoo1