DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2021-29950", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-29950", "description": "Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird < 78.8.1.", "published": "2021-06-24T14:15:00", "modified": "2021-06-25T20:12:00", "epss": [{"cve": "CVE-2021-29950", "epss": 0.00165, "percentile": 0.51892, "modified": "2023-05-27"}], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29950", "reporter": "security@mozilla.org", "references": ["https://bugzilla.mozilla.org/show_bug.cgi?id=1673239", "https://www.mozilla.org/security/advisories/mfsa2021-17/"], "cvelist": ["CVE-2021-29950"], "immutableFields": [], "lastseen": "2023-05-27T14:38:12", "viewCount": 134, "enchantments": {"dependencies": {"references": [{"type": "altlinux", "idList": ["7AEA443595CA0C898003A8C773E36601"]}, {"type": "centos", "idList": ["CESA-2021:1192"]}, {"type": "cnvd", "idList": ["CNVD-2021-54709"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-29950"]}, {"type": "kaspersky", "idList": ["KLA12157"]}, {"type": "mozilla", "idList": ["MFSA2021-17"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1854.NASL", "REDHAT-RHSA-2021-1190.NASL", "REDHAT-RHSA-2021-1192.NASL", "REDHAT-RHSA-2021-1193.NASL", "REDHAT-RHSA-2021-1201.NASL", "SUSE_SU-2021-1854-1.NASL", "UBUNTU_USN-4936-1.NASL"]}, {"type": "osv", "idList": ["OSV:DLA-2609-1", "OSV:DSA-4876-1"]}, {"type": "redhat", "idList": ["RHSA-2021:1190", "RHSA-2021:1192", "RHSA-2021:1193", "RHSA-2021:1201"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-29950"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1854-1"]}, {"type": "ubuntu", "idList": ["USN-4936-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-29950"]}, {"type": "veracode", "idList": ["VERACODE:30142"]}]}, "score": {"value": 2.0, "vector": "NONE"}, "twitter": {"counter": 6, "tweets": [{"link": "https://twitter.com/vigilance_fr/status/1408381724002766853", "text": "Vigil@nce /hashtag/Vuln\u00e9rabilit\u00e9?src=hashtag_click de Mozilla Thunderbird : usurpation via Unprotected OpenPGP Key. https://t.co/YqjZFS7QFI?amp=1 R\u00e9f\u00e9rences : /hashtag/CVE?src=hashtag_click-2021-29950. /hashtag/bulletin?src=hashtag_click"}, {"link": "https://twitter.com/vigilance_en/status/1408381728893378561", "text": "Vigil@nce /hashtag/Vulnerability?src=hashtag_click of Mozilla Thunderbird: spoofing via Unprotected OpenPGP Key. https://t.co/IAiH3FvG5s?amp=1 Identifiers: /hashtag/CVE?src=hashtag_click-2021-29950. /hashtag/bulletin?src=hashtag_click"}, {"link": "https://twitter.com/threatintelctr/status/1408893040853458944", "text": " NEW: CVE-2021-29950 Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprot... (click for more) Severity: HIGH https://t.co/b3frMIGsUa?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1408998706611896321", "text": " NEW: CVE-2021-29950 Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprot... (click for more) Severity: HIGH https://t.co/b3frMIGsUa?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1409187382880923648", "text": " NEW: CVE-2021-29950 Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprot... (click for more) Severity: HIGH https://t.co/b3frMIoRvA?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1409194966719635458", "text": " NEW: CVE-2021-29950 Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprot... (click for more) Severity: HIGH https://t.co/b3frMIGsUa?amp=1"}], "modified": "2021-06-26T07:43:43"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2021:1192"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-29950"]}, {"type": "kaspersky", "idList": ["KLA12157"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/CENTOS_LINUX-CVE-2021-29950/", "MSF:ILITIES/REDHAT_LINUX-CVE-2021-29950/"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1854.NASL", "UBUNTU_USN-4936-1.NASL"]}, {"type": "redhat", "idList": ["RHSA-2021:1193"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-29950"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1854-1"]}, {"type": "ubuntu", "idList": ["USN-4936-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-29950"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "mozilla thunderbird", "version": 78}]}, "epss": [{"cve": "CVE-2021-29950", "epss": 0.00165, "percentile": 0.51769, "modified": "2023-05-07"}], "vulnersScore": 2.0}, "_state": {"dependencies": 1685211539, "score": 1685200094, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "c2dbf16779c56eb6fffcea5a9dbca52a"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": [], "cpe23": [], "cwe": ["CWE-312"], "affectedSoftware": [{"cpeName": "mozilla:thunderbird", "version": "78.8.1", "operator": "lt", "name": "mozilla thunderbird"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:78.8.1:*:*:*:*:*:*:*", "versionEndExcluding": "78.8.1", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1673239", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1673239", "refsource": "MISC", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2021-17/", "name": "https://www.mozilla.org/security/advisories/mfsa2021-17/", "refsource": "MISC", "tags": ["Release Notes", "Vendor Advisory"]}], "product_info": [{"vendor": "Mozilla", "product": "Thunderbird"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"description": "Logic issue potentially leaves key material unlocked", "lang": "en", "type": "text"}]}], "exploits": [], "assigned": "1976-01-01T00:00:00"}

{"veracode": [{"lastseen": "2022-07-26T16:34:49", "description": "Thunderbird is vulnerable to information disclosure. The vulnerability exists due to the system unprotecting a secret OpenPGP key prior to using it for decryption ,signing or key import task. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-23T12:05:27", "type": "veracode", "title": "Information Disclosure", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29950"], "modified": "2021-06-24T17:21:37", "id": "VERACODE:30142", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-30142/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "mozilla": [{"lastseen": "2023-05-27T14:55:11", "description": "Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-08T00:00:00", "type": "mozilla", "title": "Security Vulnerabilities fixed in Thunderbird 78.8.1 \u2014 Mozilla", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29950"], "modified": "2021-03-08T00:00:00", "id": "MFSA2021-17", "href": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-17/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debiancve": [{"lastseen": "2023-05-27T15:16:40", "description": "Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird < 78.8.1.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-24T14:15:00", "type": "debiancve", "title": "CVE-2021-29950", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29950"], "modified": "2021-06-24T14:15:00", "id": "DEBIANCVE:CVE-2021-29950", "href": "https://security-tracker.debian.org/tracker/CVE-2021-29950", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntucve": [{"lastseen": "2023-06-29T13:56:44", "description": "Thunderbird unprotects a secret OpenPGP key prior to using it for a\ndecryption, signing or key import task. If the task runs into a failure,\nthe secret key may remain in memory in its unprotected state. This\nvulnerability affects Thunderbird < 78.8.1.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-22T00:00:00", "type": "ubuntucve", "title": "CVE-2021-29950", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29950"], "modified": "2021-04-22T00:00:00", "id": "UB:CVE-2021-29950", "href": "https://ubuntu.com/security/CVE-2021-29950", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "prion": [{"lastseen": "2023-08-16T03:00:35", "description": "Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird < 78.8.1.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-24T14:15:00", "type": "prion", "title": "CVE-2021-29950", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29950"], "modified": "2021-06-25T20:12:00", "id": "PRION:CVE-2021-29950", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-29950", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cnvd": [{"lastseen": "2022-11-05T11:16:10", "description": "Mozilla Thunderbird is a set of email client software from the Mozilla Foundation that is separate from the Mozilla Application Suite. Mozilla Thunderbird has a security vulnerability that could be exploited by attackers to perform operations on unlocked keys without having to unlock them beforehand.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-23T00:00:00", "type": "cnvd", "title": "Mozilla Thunderbird has an unspecified vulnerability (CNVD-2021-54709)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29950"], "modified": "2021-07-26T00:00:00", "id": "CNVD-2021-54709", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-54709", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "redhatcve": [{"lastseen": "2023-05-27T17:17:30", "description": "Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird < 78.8.1.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-21T03:14:07", "type": "redhatcve", "title": "CVE-2021-29950", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29950"], "modified": "2023-04-06T08:46:10", "id": "RH:CVE-2021-29950", "href": "https://access.redhat.com/security/cve/cve-2021-29950", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "altlinux": [{"lastseen": "2023-05-07T11:38:35", "description": "March 10, 2021 Andrey Cherepanov 78.8.1-alt1\n \n \n - New version (78.8.1).\n - Security fixes:\n + CVE-2021-29950 Logic issue potentially leaves key material unlocked\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-10T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 10 package thunderbird version 78.8.1-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29950"], "modified": "2021-03-10T00:00:00", "id": "7AEA443595CA0C898003A8C773E36601", "href": "https://packages.altlinux.org/en/p10/srpms/thunderbird/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "kaspersky": [{"lastseen": "2023-05-27T15:01:10", "description": "### *Detect date*:\n03/08/2021\n\n### *Severity*:\nWarning\n\n### *Description*:\nA security bypass vulnerability was found in Mozilla Thunderbird. Malicious users can exploit this vulnerability to obtain sensitive information, bypass security restrictions.\n\n### *Affected products*:\nMozilla Thunderbird earlier than 78.8.1\n\n### *Solution*:\nUpdate to the latest version \n[Download Thunderbird](<https://www.mozilla.org/en-US/thunderbird/>)\n\n### *Original advisories*:\n[MFSA2021-17](<https://www.mozilla.org/en-US/security/advisories/mfsa2021-17/>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Mozilla Thunderbird](<https://threats.kaspersky.com/en/product/Mozilla-Thunderbird/>)\n\n### *CVE-IDS*:\n[CVE-2021-29950](<https://vulners.com/cve/CVE-2021-29950>)5.0Critical", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-08T00:00:00", "type": "kaspersky", "title": "KLA12157 SB vulnerability in Mozilla Thunderbird", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29950"], "modified": "2021-05-11T00:00:00", "id": "KLA12157", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12157/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "suse": [{"lastseen": "2022-11-10T08:10:18", "description": "An update that fixes four vulnerabilities is now available.\n\nDescription:\n\n This update for MozillaThunderbird fixes the following issues:\n\n - Mozilla Thunderbird 78.10.2\n - CVE-2021-29957: Fixed partial protection of inline OpenPGP message not\n indicated (bsc#1186198).\n - CVE-2021-29956: Fixed Thunderbird stored OpenPGP secret keys without\n master password protection (bsc#1186199).\n - CVE-2021-29951: Fixed Thunderbird Maintenance Service could have been\n started or stopped by domain users (bsc#1185633).\n - CVE-2021-29950: Fixed logic issue potentially leaves key material\n unlocked (bsc#1185086).\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2021-1854=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-11T00:00:00", "type": "suse", "title": "Security update for MozillaThunderbird (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29950", "CVE-2021-29951", "CVE-2021-29956", "CVE-2021-29957"], "modified": "2021-07-11T00:00:00", "id": "OPENSUSE-SU-2021:1854-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7FGBREHMZI3UK2I6TGJZ75S4VSJHXVNF/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "nessus": [{"lastseen": "2023-05-18T15:31:15", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1854-1 advisory.\n\n - Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird < 78.8.1. (CVE-2021-29950)\n\n - The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.10.1, Firefox < 87, and Firefox ESR < 78.10.1. (CVE-2021-29951)\n\n - OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird < 78.10.2. (CVE-2021-29956)\n\n - If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected.\n This vulnerability affects Thunderbird < 78.10.2. (CVE-2021-29957)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-16T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:1854-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29950", "CVE-2021-29951", "CVE-2021-29956", "CVE-2021-29957"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozillathunderbird", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-1854.NASL", "href": "https://www.tenable.com/plugins/nessus/151707", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1854-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151707);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-29950\",\n \"CVE-2021-29951\",\n \"CVE-2021-29956\",\n \"CVE-2021-29957\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0214-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0246-S\");\n\n script_name(english:\"openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:1854-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1854-1 advisory.\n\n - Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import\n task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This\n vulnerability affects Thunderbird < 78.8.1. (CVE-2021-29950)\n\n - The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network,\n grants normal remote users access to start or stop the service. This could be used to prevent the browser\n update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface\n in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10\n build 1709. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.10.1,\n Firefox < 87, and Firefox ESR < 78.10.1. (CVE-2021-29951)\n\n - OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored\n unencrypted on the user's local disk. The master password protection was inactive for those keys. Version\n 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys\n that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird <\n 78.10.2. (CVE-2021-29956)\n\n - If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an\n additional unprotected part, Thunderbird did not indicate that only parts of the message are protected.\n This vulnerability affects Thunderbird < 78.10.2. (CVE-2021-29957)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186199\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7FGBREHMZI3UK2I6TGJZ75S4VSJHXVNF/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c553e93e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29957\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected MozillaThunderbird, MozillaThunderbird-translations-common and / or MozillaThunderbird-translations-\nother packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29951\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-29950\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'MozillaThunderbird-78.10.2-8.27.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaThunderbird-translations-common-78.10.2-8.27.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaThunderbird-translations-other-78.10.2-8.27.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaThunderbird / MozillaThunderbird-translations-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:24:50", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1854-1 advisory.\n\n - Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird < 78.8.1. (CVE-2021-29950)\n\n - The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.10.1, Firefox < 87, and Firefox ESR < 78.10.1. (CVE-2021-29951)\n\n - OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird < 78.10.2. (CVE-2021-29956)\n\n - If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected.\n This vulnerability affects Thunderbird < 78.10.2. (CVE-2021-29957)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2021:1854-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29950", "CVE-2021-29951", "CVE-2021-29956", "CVE-2021-29957"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mozillathunderbird", "p-cpe:/a:novell:suse_linux:mozillathunderbird-translations-common", "p-cpe:/a:novell:suse_linux:mozillathunderbird-translations-other", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-1854-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150685", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:1854-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150685);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-29950\",\n \"CVE-2021-29951\",\n \"CVE-2021-29956\",\n \"CVE-2021-29957\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0214-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0246-S\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:1854-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2021:1854-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:1854-1 advisory.\n\n - Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import\n task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This\n vulnerability affects Thunderbird < 78.8.1. (CVE-2021-29950)\n\n - The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network,\n grants normal remote users access to start or stop the service. This could be used to prevent the browser\n update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface\n in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10\n build 1709. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.10.1,\n Firefox < 87, and Firefox ESR < 78.10.1. (CVE-2021-29951)\n\n - OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored\n unencrypted on the user's local disk. The master password protection was inactive for those keys. Version\n 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys\n that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird <\n 78.10.2. (CVE-2021-29956)\n\n - If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an\n additional unprotected part, Thunderbird did not indicate that only parts of the message are protected.\n This vulnerability affects Thunderbird < 78.10.2. (CVE-2021-29957)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186199\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29957\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-June/008933.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d3087fb9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected MozillaThunderbird, MozillaThunderbird-translations-common and / or MozillaThunderbird-translations-\nother packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29951\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-29950\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'MozillaThunderbird-78.10.2-8.27', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'MozillaThunderbird-78.10.2-8.27', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'MozillaThunderbird-translations-common-78.10.2-8.27', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'MozillaThunderbird-translations-common-78.10.2-8.27', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'MozillaThunderbird-translations-other-78.10.2-8.27', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'MozillaThunderbird-translations-other-78.10.2-8.27', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'MozillaThunderbird-78.10.2-8.27', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'MozillaThunderbird-78.10.2-8.27', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'MozillaThunderbird-translations-common-78.10.2-8.27', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'MozillaThunderbird-translations-common-78.10.2-8.27', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'MozillaThunderbird-translations-other-78.10.2-8.27', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'MozillaThunderbird-translations-other-78.10.2-8.27', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaThunderbird / MozillaThunderbird-translations-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:16:25", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1201 advisory.\n\n - Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key (CVE-2021-23991)\n\n - Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user (CVE-2021-23992)\n\n - Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993)\n\n - Mozilla: Thunderbird might execute an alternative OTR library (CVE-2021-29949)\n\n - Mozilla: Logic issue potentially leaves key material unlocked (CVE-2021-29950)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-15T00:00:00", "type": "nessus", "title": "RHEL 8 : thunderbird (RHSA-2021:1201)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23991", "CVE-2021-23992", "CVE-2021-23993", "CVE-2021-29949", "CVE-2021-29950"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:thunderbird"], "id": "REDHAT-RHSA-2021-1201.NASL", "href": "https://www.tenable.com/plugins/nessus/148569", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1201. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148569);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2021-23991\",\n \"CVE-2021-23992\",\n \"CVE-2021-23993\",\n \"CVE-2021-29949\"\n );\n script_xref(name:\"RHSA\", value:\"2021:1201\");\n script_xref(name:\"IAVA\", value:\"2021-A-0163-S\");\n\n script_name(english:\"RHEL 8 : thunderbird (RHSA-2021:1201)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1201 advisory.\n\n - Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key\n (CVE-2021-23991)\n\n - Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user (CVE-2021-23992)\n\n - Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993)\n\n - Mozilla: Thunderbird might execute an alternative OTR library (CVE-2021-29949)\n\n - Mozilla: Logic issue potentially leaves key material unlocked (CVE-2021-29950)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1948393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1948394\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1948395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951873\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29949\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(347, 426, 522);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.9.1-1.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.9.1-1.el8_2', 'sp':'2', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.9.1-1.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:16:49", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1192 advisory.\n\n - Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key (CVE-2021-23991)\n\n - Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user (CVE-2021-23992)\n\n - Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993)\n\n - Mozilla: Thunderbird might execute an alternative OTR library (CVE-2021-29949)\n\n - Mozilla: Logic issue potentially leaves key material unlocked (CVE-2021-29950)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-15T00:00:00", "type": "nessus", "title": "RHEL 7 : thunderbird (RHSA-2021:1192)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23991", "CVE-2021-23992", "CVE-2021-23993", "CVE-2021-29949", "CVE-2021-29950"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:thunderbird"], "id": "REDHAT-RHSA-2021-1192.NASL", "href": "https://www.tenable.com/plugins/nessus/148570", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1192. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148570);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2021-23991\", \"CVE-2021-23992\", \"CVE-2021-23993\");\n script_xref(name:\"RHSA\", value:\"2021:1192\");\n script_xref(name:\"IAVA\", value:\"2021-A-0163-S\");\n\n script_name(english:\"RHEL 7 : thunderbird (RHSA-2021:1192)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1192 advisory.\n\n - Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key\n (CVE-2021-23991)\n\n - Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user (CVE-2021-23992)\n\n - Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993)\n\n - Mozilla: Thunderbird might execute an alternative OTR library (CVE-2021-29949)\n\n - Mozilla: Logic issue potentially leaves key material unlocked (CVE-2021-29950)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1948393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1948394\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1948395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951873\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23993\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-23991\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(347, 426, 522);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.9.1-1.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.9.1-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:16:49", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1190 advisory.\n\n - Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key (CVE-2021-23991)\n\n - Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user (CVE-2021-23992)\n\n - Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993)\n\n - Mozilla: Thunderbird might execute an alternative OTR library (CVE-2021-29949)\n\n - Mozilla: Logic issue potentially leaves key material unlocked (CVE-2021-29950)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "RHEL 8 : thunderbird (RHSA-2021:1190)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23991", "CVE-2021-23992", "CVE-2021-23993", "CVE-2021-29949", "CVE-2021-29950"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:thunderbird"], "id": "REDHAT-RHSA-2021-1190.NASL", "href": "https://www.tenable.com/plugins/nessus/148543", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1190. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148543);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2021-23991\",\n \"CVE-2021-23992\",\n \"CVE-2021-23993\",\n \"CVE-2021-29949\"\n );\n script_xref(name:\"RHSA\", value:\"2021:1190\");\n script_xref(name:\"IAVA\", value:\"2021-A-0163-S\");\n\n script_name(english:\"RHEL 8 : thunderbird (RHSA-2021:1190)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1190 advisory.\n\n - Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key\n (CVE-2021-23991)\n\n - Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user (CVE-2021-23992)\n\n - Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993)\n\n - Mozilla: Thunderbird might execute an alternative OTR library (CVE-2021-29949)\n\n - Mozilla: Logic issue potentially leaves key material unlocked (CVE-2021-29950)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1948393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1948394\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1948395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951873\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29949\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(347, 426, 522);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.1/ppc64le/appstream/os',\n 'content/eus/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.1/ppc64le/baseos/os',\n 'content/eus/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap/os',\n 'content/eus/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/appstream/debug',\n 'content/eus/rhel8/8.1/x86_64/appstream/os',\n 'content/eus/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/baseos/debug',\n 'content/eus/rhel8/8.1/x86_64/baseos/os',\n 'content/eus/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.1/x86_64/highavailability/os',\n 'content/eus/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap/debug',\n 'content/eus/rhel8/8.1/x86_64/sap/os',\n 'content/eus/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.1/x86_64/supplementary/os',\n 'content/eus/rhel8/8.1/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.9.1-1.el8_1', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.9.1-1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:08", "description": "The remote Ubuntu 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4936-1 advisory.\n\n - If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. (CVE-2021-23968)\n\n - As specified in the W3C Content Security Policy draft, when creating a violation report, User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If thats not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage. Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. (CVE-2021-23969)\n\n - When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. (CVE-2021-23973)\n\n - Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. (CVE-2021-23978)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-06T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 20.10 : Thunderbird vulnerabilities (USN-4936-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23968", "CVE-2021-23969", "CVE-2021-23973", "CVE-2021-23978", "CVE-2021-29950"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:thunderbird", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-dev", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-af", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ar", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ast", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-be", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bg", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn-bd", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-br", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ca", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cak", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cs", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cy", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-da", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-de", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-dsb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-el", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-gb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-us", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-ar", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-es", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-et", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-eu", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fa", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fi", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy-nl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga-ie", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gd", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-he", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hsb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hu", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hy", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-id", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-is", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-it", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ja", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ka", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kab", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ko", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-lt", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-mk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ms", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb-no", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn-no", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa-in", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-br", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-pt", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-rm", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ro", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ru", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-si", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sq", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv-se", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta-lk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-th", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-tr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uz", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-vi", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-cn", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hans", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hant", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-tw", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-mozsymbols", "p-cpe:/a:canonical:ubuntu_linux:xul-ext-calendar-timezones", "p-cpe:/a:canonical:ubuntu_linux:xul-ext-gdata-provider", "p-cpe:/a:canonical:ubuntu_linux:xul-ext-lightning"], "id": "UBUNTU_USN-4936-1.NASL", "href": "https://www.tenable.com/plugins/nessus/149322", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4936-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149322);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2021-23968\",\n \"CVE-2021-23969\",\n \"CVE-2021-23973\",\n \"CVE-2021-23978\",\n \"CVE-2021-29950\"\n );\n script_xref(name:\"USN\", value:\"4936-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 20.10 : Thunderbird vulnerabilities (USN-4936-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4936-1 advisory.\n\n - If Content Security Policy blocked frame navigation, the full destination of a redirect served in the\n frame was reported in the violation report; as opposed to the original frame URI. This could be used to\n leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird <\n 78.8, and Firefox ESR < 78.8. (CVE-2021-23968)\n\n - As specified in the W3C Content Security Policy draft, when creating a violation report, User agents need\n to ensure that the source file is the URL requested by the page, pre-redirects. If thats not possible,\n user agents need to strip the URL down to an origin to avoid unintentional leakage. Under certain types\n of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was\n fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird <\n 78.8, and Firefox ESR < 78.8. (CVE-2021-23969)\n\n - When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted,\n and the content of that error may have revealed information about the resource. This vulnerability affects\n Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. (CVE-2021-23973)\n\n - Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and\n Firefox ESR < 78.8. (CVE-2021-23978)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4936-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23978\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-us\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-mozsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xul-ext-calendar-timezones\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xul-ext-gdata-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xul-ext-lightning\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '20.04', 'pkgname': 'thunderbird', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-dev', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-gnome-support', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-af', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ar', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ast', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-be', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-bg', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-bn', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-bn-bd', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-br', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ca', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-cak', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-cs', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-cy', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-da', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-de', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-dsb', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-el', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-en', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-en-gb', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-en-us', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-es', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-es-ar', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-es-es', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-et', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-eu', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-fa', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-fi', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-fr', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-fy', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-fy-nl', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ga', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ga-ie', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-gd', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-gl', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-he', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-hr', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-hsb', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-hu', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-hy', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-id', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-is', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-it', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ja', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ka', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-kab', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-kk', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ko', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-lt', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-mk', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ms', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-nb', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-nb-no', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-nl', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-nn', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-nn-no', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-pa', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-pa-in', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-pl', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-pt', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-pt-br', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-pt-pt', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-rm', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ro', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ru', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-si', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-sk', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-sl', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-sq', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-sr', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-sv', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-sv-se', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ta', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ta-lk', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-th', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-tr', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-uk', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-uz', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-vi', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-zh-cn', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-zh-hans', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-zh-hant', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-zh-tw', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-mozsymbols', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'xul-ext-calendar-timezones', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'xul-ext-gdata-provider', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'xul-ext-lightning', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.04.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-dev', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-gnome-support', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-af', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ar', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ast', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-be', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-bg', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-bn', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-bn-bd', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-br', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ca', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-cak', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-cs', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-cy', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-da', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-de', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-dsb', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-el', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-en', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-en-gb', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-en-us', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-es', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-es-ar', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-es-es', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-et', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-eu', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-fa', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-fi', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-fr', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-fy', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-fy-nl', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ga', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ga-ie', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-gd', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-gl', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-he', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-hr', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-hsb', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-hu', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-hy', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-id', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-is', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-it', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ja', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ka', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-kab', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-kk', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ko', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-lt', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-mk', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ms', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-nb', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-nb-no', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-nl', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-nn', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-nn-no', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-pa', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-pa-in', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-pl', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-pt', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-pt-br', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-pt-pt', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-rm', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ro', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ru', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-si', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-sk', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-sl', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-sq', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-sr', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-sv', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-sv-se', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ta', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-ta-lk', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-th', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-tr', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-uk', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-uz', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-vi', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-zh-cn', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-zh-hans', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-zh-hant', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-locale-zh-tw', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'thunderbird-mozsymbols', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'xul-ext-calendar-timezones', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'xul-ext-gdata-provider', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'xul-ext-lightning', 'pkgver': '1:78.8.1+build1-0ubuntu0.20.10.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird / thunderbird-dev / thunderbird-gnome-support / etc');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:17:04", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1193 advisory.\n\n - Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key (CVE-2021-23991)\n\n - Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user (CVE-2021-23992)\n\n - Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993)\n\n - Mozilla: Thunderbird might execute an alternative OTR library (CVE-2021-29949)\n\n - Mozilla: Logic issue potentially leaves key material unlocked (CVE-2021-29950)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "RHEL 8 : thunderbird (RHSA-2021:1193)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23991", "CVE-2021-23992", "CVE-2021-23993", "CVE-2021-29949", "CVE-2021-29950"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:thunderbird"], "id": "REDHAT-RHSA-2021-1193.NASL", "href": "https://www.tenable.com/plugins/nessus/148561", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1193. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148561);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2021-23991\",\n \"CVE-2021-23992\",\n \"CVE-2021-23993\",\n \"CVE-2021-29949\"\n );\n script_xref(name:\"RHSA\", value:\"2021:1193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0163-S\");\n\n script_name(english:\"RHEL 8 : thunderbird (RHSA-2021:1193)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1193 advisory.\n\n - Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key\n (CVE-2021-23991)\n\n - Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user (CVE-2021-23992)\n\n - Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993)\n\n - Mozilla: Thunderbird might execute an alternative OTR library (CVE-2021-29949)\n\n - Mozilla: Logic issue potentially leaves key material unlocked (CVE-2021-29950)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1948393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1948394\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1948395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951873\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29949\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(347, 426, 522);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.9.1-1.el8_3', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.9.1-1.el8_3', 'sp':'4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.9.1-1.el8_3', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.9.1-1.el8_3', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.9.1-1.el8_3', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.9.1-1.el8_3', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.9.1-1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.9.1-1.el8_3', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.9.1-1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2023-05-27T14:34:26", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.9.1.\n\nSecurity Fix(es):\n\n* Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key (CVE-2021-23991)\n\n* Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user (CVE-2021-23992)\n\n* Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-14T13:27:37", "type": "redhat", "title": "(RHSA-2021:1192) Moderate: thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23991", "CVE-2021-23992", "CVE-2021-23993", "CVE-2021-29949", "CVE-2021-29950"], "modified": "2021-04-28T02:19:22", "id": "RHSA-2021:1192", "href": "https://access.redhat.com/errata/RHSA-2021:1192", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T14:34:26", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.9.1.\n\nSecurity Fix(es):\n\n* Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key (CVE-2021-23991)\n\n* Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user (CVE-2021-23992)\n\n* Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-14T16:29:34", "type": "redhat", "title": "(RHSA-2021:1201) Moderate: thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23991", "CVE-2021-23992", "CVE-2021-23993", "CVE-2021-29949", "CVE-2021-29950"], "modified": "2021-04-28T02:19:21", "id": "RHSA-2021:1201", "href": "https://access.redhat.com/errata/RHSA-2021:1201", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T14:34:26", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.9.1.\n\nSecurity Fix(es):\n\n* Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key (CVE-2021-23991)\n\n* Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user (CVE-2021-23992)\n\n* Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-14T13:36:43", "type": "redhat", "title": "(RHSA-2021:1193) Moderate: thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23991", "CVE-2021-23992", "CVE-2021-23993", "CVE-2021-29949", "CVE-2021-29950"], "modified": "2021-04-28T02:19:33", "id": "RHSA-2021:1193", "href": "https://access.redhat.com/errata/RHSA-2021:1193", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T14:34:26", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.9.1.\n\nSecurity Fix(es):\n\n* Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key (CVE-2021-23991)\n\n* Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user (CVE-2021-23992)\n\n* Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-14T10:38:15", "type": "redhat", "title": "(RHSA-2021:1190) Moderate: thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23991", "CVE-2021-23992", "CVE-2021-23993", "CVE-2021-29949", "CVE-2021-29950"], "modified": "2021-04-28T02:19:32", "id": "RHSA-2021:1190", "href": "https://access.redhat.com/errata/RHSA-2021:1190", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntu": [{"lastseen": "2023-05-27T15:01:44", "description": "## Releases\n\n * Ubuntu 20.10 \n * Ubuntu 20.04 LTS\n\n## Packages\n\n * thunderbird \\- Mozilla Open Source mail and newsgroup client\n\nMultiple security issues were discovered in Thunderbird. If a user were \ntricked into opening a specially crafted website in a browsing context, \nan attacker could potentially exploit these to cause a denial of service, \nobtain sensitive information, or execute arbitrary code. (CVE-2021-23968, \nCVE-2021-23969, CVE-2021-23973, CVE-2021-23978)\n\nIt was discovered that Thunderbird may keep key material in memory in some \ncircumstances. A local attacker could potentially exploit this to obtain \nprivate keys. (CVE-2021-29950)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-06T00:00:00", "type": "ubuntu", "title": "Thunderbird vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23968", "CVE-2021-23969", "CVE-2021-23973", "CVE-2021-23978", "CVE-2021-29950"], "modified": "2021-05-06T00:00:00", "id": "USN-4936-1", "href": "https://ubuntu.com/security/notices/USN-4936-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:19:50", "description": "\nMultiple security issues were discovered in Thunderbird, which could\nresult in the execution of arbitrary code or information disclosure.\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1:78.9.0-1~deb10u1.\n\n\nWe recommend that you upgrade your thunderbird packages.\n\n\nFor the detailed security status of thunderbird please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/thunderbird](https://security-tracker.debian.org/tracker/thunderbird)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-25T00:00:00", "type": "osv", "title": "thunderbird - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23981", "CVE-2021-23987", "CVE-2021-23984", "CVE-2021-23982", "CVE-2021-29950"], "modified": "2022-08-10T07:19:48", "id": "OSV:DSA-4876-1", "href": "https://osv.dev/vulnerability/DSA-4876-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2023-09-07T14:16:05", "description": "**CentOS Errata and Security Advisory** CESA-2021:1192\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.9.1.\n\nSecurity Fix(es):\n\n* Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key (CVE-2021-23991)\n\n* Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user (CVE-2021-23992)\n\n* Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2021-April/086094.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2021:1192", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-16T20:25:29", "type": "centos", "title": "thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23991", "CVE-2021-23992", "CVE-2021-23993", "CVE-2021-29949", "CVE-2021-29950"], "modified": "2021-04-16T20:25:29", "id": "CESA-2021:1192", "href": "https://lists.centos.org/pipermail/centos-announce/2021-April/086094.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}