Lucene search
This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.OPENSUSE-2015-977.NASLHistoryJan 04, 2016 - 12:00 a.m.
openSUSE Security Update : Mozilla Thunderbird (openSUSE-2015-977)
2016-01-0400:00:00
This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.
www.tenable.com
12
10 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.057 Low
EPSS
Percentile
93.4%
Mozilla Thunderbird was updated to 38.5.0 to fix multiple security issues.
The following vulnerabilities were fixed: (boo#959277)
-
CVE-2015-7201: Miscellaneous memory safety hazards
-
CVE-2015-7210: Use-after-free in WebRTC when datachannel is used after being destroyed
-
CVE-2015-7212: Integer overflow allocating extremely large textures
-
CVE-2015-7205: Underflow through code inspection
-
CVE-2015-7213: Integer overflow in MP4 playback in 64-bit versions
-
CVE-2015-7222: Integer underflow and buffer overflow processing MP4 metadata in libstagefright
-
CVE-2015-7214: Cross-site reading attack through data and view-source URIs
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2015-977.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(87716);
script_version("2.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2015-7201", "CVE-2015-7205", "CVE-2015-7210", "CVE-2015-7212", "CVE-2015-7213", "CVE-2015-7214", "CVE-2015-7222");
script_name(english:"openSUSE Security Update : Mozilla Thunderbird (openSUSE-2015-977)");
script_summary(english:"Check for the openSUSE-2015-977 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Mozilla Thunderbird was updated to 38.5.0 to fix multiple security
issues.
The following vulnerabilities were fixed: (boo#959277)
- CVE-2015-7201: Miscellaneous memory safety hazards
- CVE-2015-7210: Use-after-free in WebRTC when datachannel
is used after being destroyed
- CVE-2015-7212: Integer overflow allocating extremely
large textures
- CVE-2015-7205: Underflow through code inspection
- CVE-2015-7213: Integer overflow in MP4 playback in
64-bit versions
- CVE-2015-7222: Integer underflow and buffer overflow
processing MP4 metadata in libstagefright
- CVE-2015-7214: Cross-site reading attack through data
and view-source URIs"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=959277"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected Mozilla Thunderbird packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
script_set_attribute(attribute:"patch_publication_date", value:"2015/12/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/04");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1|SUSE13\.2|SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2 / 42.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-38.5.0-70.71.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-buildsymbols-38.5.0-70.71.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-debuginfo-38.5.0-70.71.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-debugsource-38.5.0-70.71.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-devel-38.5.0-70.71.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-translations-common-38.5.0-70.71.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"MozillaThunderbird-translations-other-38.5.0-70.71.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"MozillaThunderbird-38.5.0-34.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"MozillaThunderbird-buildsymbols-38.5.0-34.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"MozillaThunderbird-debuginfo-38.5.0-34.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"MozillaThunderbird-debugsource-38.5.0-34.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"MozillaThunderbird-devel-38.5.0-34.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"MozillaThunderbird-translations-common-38.5.0-34.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"MozillaThunderbird-translations-other-38.5.0-34.2") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"MozillaThunderbird-38.5.0-7.2") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"MozillaThunderbird-buildsymbols-38.5.0-7.2") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"MozillaThunderbird-debuginfo-38.5.0-7.2") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"MozillaThunderbird-debugsource-38.5.0-7.2") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"MozillaThunderbird-devel-38.5.0-7.2") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"MozillaThunderbird-translations-common-38.5.0-7.2") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"MozillaThunderbird-translations-other-38.5.0-7.2") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaThunderbird / MozillaThunderbird-buildsymbols / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | mozillathunderbird | p-cpe:/a:novell:opensuse:mozillathunderbird |
| novell | opensuse | mozillathunderbird-buildsymbols | p-cpe:/a:novell:opensuse:mozillathunderbird-buildsymbols |
| novell | opensuse | mozillathunderbird-debuginfo | p-cpe:/a:novell:opensuse:mozillathunderbird-debuginfo |
| novell | opensuse | mozillathunderbird-debugsource | p-cpe:/a:novell:opensuse:mozillathunderbird-debugsource |
| novell | opensuse | mozillathunderbird-devel | p-cpe:/a:novell:opensuse:mozillathunderbird-devel |
| novell | opensuse | mozillathunderbird-translations-common | p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common |
| novell | opensuse | mozillathunderbird-translations-other | p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other |
| novell | opensuse | 13.1 | cpe:/o:novell:opensuse:13.1 |
| novell | opensuse | 13.2 | cpe:/o:novell:opensuse:13.2 |
| novell | opensuse | 42.1 | cpe:/o:novell:opensuse:42.1 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7201
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7205
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7210
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7212
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7213
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7214
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7222
bugzilla.opensuse.org/show_bug.cgi?id=959277
Related
suse
suse
Security update for xulrunner (important)
2015-12-28 17:10:26
Security update for Mozilla Thunderbird (important)
2015-12-31 19:13:51
Security update for MozillaFirefox (important)
2015-12-21 21:11:46
openvas
openvas
Mozilla Firefox ESR Multiple Vulnerabilities (Dec 2015) - Windows
2015-12-18 00:00:00
CentOS Update for firefox CESA-2015:2657 centos6
2015-12-17 00:00:00
Mozilla Firefox ESR Multiple Vulnerabilities (Dec 2015) - Mac OS X
2015-12-18 00:00:00
nessus
nessus
Firefox ESR < 38.5 Multiple Vulnerabilities (Mac OS X)
2015-12-17 00:00:00
CentOS 5 / 6 / 7 : firefox (CESA-2015:2657)
2015-12-17 00:00:00
Debian DSA-3422-1 : iceweasel - security update
2015-12-17 00:00:00
redhat
redhat
(RHSA-2015:2657) Critical: firefox security update
2015-12-16 00:00:00
(RHSA-2016:0001) Important: thunderbird security update
2016-01-05 00:00:00
debian
debian
[SECURITY] [DSA 3422-1] iceweasel security update
2015-12-16 18:27:59
[SECURITY] [DSA 3432-1] icedove security update
2016-01-01 12:38:21
oraclelinux
oraclelinux
firefox security update
2015-12-16 00:00:00
thunderbird security update
2016-01-05 00:00:00
mageia
mageia
Updated thunderbird packages fix security vulnerabilities
2015-12-28 22:23:26
Updated firefox packages fix security vulnerabilities
2015-12-17 00:01:04
Updated iceape packages fix security vulnerability
2016-03-25 09:38:37
veracode
veracode
Arbitrary Code Execution
2019-05-02 05:51:52
Arbitrary Code Execution
2019-05-02 05:51:51
Buffer Overflow
2019-05-02 05:20:16
centos
centos
firefox security update
2015-12-16 20:02:04
thunderbird security update
2016-01-06 21:29:11
archlinux
archlinux
thunderbird: multiple issues
2015-12-25 00:00:00
firefox: multiple issues
2015-12-15 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2016-01-13 00:00:00
Firefox vulnerabilities
2015-12-15 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-12-15 00:00:00
kaspersky
kaspersky
KLA10723 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2015-12-15 00:00:00
prion
prion
Design/Logic Flaw
2015-12-16 11:59:00
Integer overflow
2015-12-16 11:59:00
Design/Logic Flaw
2015-12-16 11:59:00
nvd
nvd
ubuntucve
ubuntucve
mozilla
mozilla
Integer overflow in MP4 playback in 64-bit versions — Mozilla
2015-12-15 00:00:00
Cross-site reading attack through data and view-source URIs — Mozilla
2015-12-15 00:00:00
Integer overflow allocating extremely large textures — Mozilla
2015-12-15 00:00:00
cve
cve
cvelist
cvelist
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-12-30 00:00:00
10 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.057 Low
EPSS
Percentile
93.4%
Related for OPENSUSE-2015-977.NASL