openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2024:4148-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.856784

Categoría: openSUSE Local Security Checks

Título: openSUSE Security Advisory (SUSE-SU-2024:4148-1)

Resumen: The remote host is missing an update for the 'MozillaThunderbird' package(s) announced via the SUSE-SU-2024:4148-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'MozillaThunderbird' package(s) announced via the SUSE-SU-2024:4148-1 advisory.

Vulnerability Insight:
This update for MozillaThunderbird fixes the following issues:

- Mozilla Thunderbird 128.5
* fixed: IMAP could crash when reading cached messages
* fixed: Enabling 'Show Folder Size' on Maildir profile could
render Thunderbird unusable
* fixed: Messages corrupted by folder compaction were only
fixed by user intervention
* fixed: Reading a message from past the end of an mbox file
did not cause an error
* fixed: View -> Folders had duplicate F access keys
* fixed: Add-ons adding columns to the message list could fail
and cause display issue
* fixed: 'Empty trash on exit' and 'Expunge inbox on exit' did
not always work
* fixed: Selecting a display option in View -> Tasks did not
apply in the Task interface
* fixed: Security fixes
MFSA 2024-68 (bsc#1233695)
* CVE-2024-11691 Out-of-bounds write in Apple GPU drivers via WebGL
* CVE-2024-11692 Select list elements could be shown over another site
* CVE-2024-11693 Download Protections were bypassed by .library-ms files on Windows
* CVE-2024-11694 CSP Bypass and XSS Exposure via Web Compatibility Shims
* CVE-2024-11695 URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
* CVE-2024-11696 Unhandled Exception in Add-on Signature Verification
* CVE-2024-11697 Improper Keypress Handling in Executable File Confirmation Dialog
* CVE-2024-11698 Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS
* CVE-2024-11699 Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5

- Handle upstream changes with esr-prefix of desktop-file (bsc#1233650)

Affected Software/OS:
'MozillaThunderbird' package(s) on openSUSE Leap 15.5, openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2024-11691
Common Vulnerability Exposure (CVE) ID: CVE-2024-11692
Common Vulnerability Exposure (CVE) ID: CVE-2024-11693
Common Vulnerability Exposure (CVE) ID: CVE-2024-11694
Common Vulnerability Exposure (CVE) ID: CVE-2024-11695
Common Vulnerability Exposure (CVE) ID: CVE-2024-11696
Common Vulnerability Exposure (CVE) ID: CVE-2024-11697
Common Vulnerability Exposure (CVE) ID: CVE-2024-11698
Common Vulnerability Exposure (CVE) ID: CVE-2024-11699

Copyright Copyright (C) 2024 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.856784
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (SUSE-SU-2024:4148-1)
Resumen:	The remote host is missing an update for the 'MozillaThunderbird' package(s) announced via the SUSE-SU-2024:4148-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'MozillaThunderbird' package(s) announced via the SUSE-SU-2024:4148-1 advisory. Vulnerability Insight: This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 128.5 * fixed: IMAP could crash when reading cached messages * fixed: Enabling 'Show Folder Size' on Maildir profile could render Thunderbird unusable * fixed: Messages corrupted by folder compaction were only fixed by user intervention * fixed: Reading a message from past the end of an mbox file did not cause an error * fixed: View -> Folders had duplicate F access keys * fixed: Add-ons adding columns to the message list could fail and cause display issue * fixed: 'Empty trash on exit' and 'Expunge inbox on exit' did not always work * fixed: Selecting a display option in View -> Tasks did not apply in the Task interface * fixed: Security fixes MFSA 2024-68 (bsc#1233695) * CVE-2024-11691 Out-of-bounds write in Apple GPU drivers via WebGL * CVE-2024-11692 Select list elements could be shown over another site * CVE-2024-11693 Download Protections were bypassed by .library-ms files on Windows * CVE-2024-11694 CSP Bypass and XSS Exposure via Web Compatibility Shims * CVE-2024-11695 URL Bar Spoofing via Manipulated Punycode and Whitespace Characters * CVE-2024-11696 Unhandled Exception in Add-on Signature Verification * CVE-2024-11697 Improper Keypress Handling in Executable File Confirmation Dialog * CVE-2024-11698 Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS * CVE-2024-11699 Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 - Handle upstream changes with esr-prefix of desktop-file (bsc#1233650) Affected Software/OS: 'MozillaThunderbird' package(s) on openSUSE Leap 15.5, openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-11691 Common Vulnerability Exposure (CVE) ID: CVE-2024-11692 Common Vulnerability Exposure (CVE) ID: CVE-2024-11693 Common Vulnerability Exposure (CVE) ID: CVE-2024-11694 Common Vulnerability Exposure (CVE) ID: CVE-2024-11695 Common Vulnerability Exposure (CVE) ID: CVE-2024-11696 Common Vulnerability Exposure (CVE) ID: CVE-2024-11697 Common Vulnerability Exposure (CVE) ID: CVE-2024-11698 Common Vulnerability Exposure (CVE) ID: CVE-2024-11699
Copyright	Copyright (C) 2024 Greenbone AG