DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2021-29969", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-29969", "description": "If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability affects Thunderbird < 78.12.", "published": "2021-08-05T20:15:00", "modified": "2022-12-09T19:03:00", "epss": [{"cve": "CVE-2021-29969", "epss": 0.00136, "percentile": 0.4773, "modified": "2023-05-27"}], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.2, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29969", "reporter": "security@mozilla.org", "references": ["https://www.mozilla.org/security/advisories/mfsa2021-30/", "https://bugzilla.mozilla.org/show_bug.cgi?id=1682370", "https://security.gentoo.org/glsa/202208-14"], "cvelist": ["CVE-2021-29969"], "immutableFields": [], "lastseen": "2023-05-27T14:38:15", "viewCount": 163, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:2883"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2021-29969"]}, {"type": "altlinux", "idList": ["6C345673B583A9DEB51B12EA84BE3008"]}, {"type": "amazon", "idList": ["ALAS2-2021-1709"]}, {"type": "archlinux", "idList": ["ASA-202107-21"]}, {"type": "cnvd", "idList": ["CNVD-2021-90099"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2711-1:C6A4A", "DEBIAN:DSA-4940-1:DAB47"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-29969"]}, {"type": "gentoo", "idList": ["GLSA-202208-14"]}, {"type": "mageia", "idList": ["MGASA-2021-0355"]}, {"type": "mozilla", "idList": ["MFSA2021-30"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1709.NASL", "CENTOS8_RHSA-2021-2883.NASL", "DEBIAN_DLA-2711.NASL", "DEBIAN_DSA-4940.NASL", "GENTOO_GLSA-202208-14.NASL", "MACOS_THUNDERBIRD_78_12.NASL", "MOZILLA_THUNDERBIRD_78_12.NASL", "OPENSUSE-2021-1091.NASL", "OPENSUSE-2021-2458.NASL", "ORACLELINUX_ELSA-2021-2881.NASL", "ORACLELINUX_ELSA-2021-2883.NASL", "REDHAT-RHSA-2021-2881.NASL", "REDHAT-RHSA-2021-2882.NASL", "REDHAT-RHSA-2021-2883.NASL", "REDHAT-RHSA-2021-2914.NASL", "ROCKY_LINUX_RLSA-2021-2883.NASL", "SL_20210726_THUNDERBIRD_ON_SL7_X.NASL", "SUSE_SU-2021-2458-1.NASL", "UBUNTU_USN-5058-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-2881", "ELSA-2021-2883"]}, {"type": "osv", "idList": ["OSV:DLA-2711-1", "OSV:DSA-4940-1"]}, {"type": "redhat", "idList": ["RHSA-2021:2881", "RHSA-2021:2882", "RHSA-2021:2883", "RHSA-2021:2914"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-29969"]}, {"type": "rocky", "idList": ["RLSA-2021:2883"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1091-1", "OPENSUSE-SU-2021:2458-1"]}, {"type": "ubuntu", "idList": ["USN-5058-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-29969"]}]}, "score": {"value": 2.9, "vector": "NONE"}, "twitter": {"counter": 2, "modified": "2021-08-06T07:52:51", "tweets": [{"link": "https://twitter.com/threatmeter/status/1423541789282213894", "text": "CVE-2021-29969 If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resul\u2026 https://t.co/xpzzBMFAVZ?amp=1"}, {"link": "https://twitter.com/threatmeter/status/1423541789282213894", "text": "CVE-2021-29969 If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resul\u2026 https://t.co/xpzzBMFAVZ?amp=1"}]}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:2883"]}, {"type": "amazon", "idList": ["ALAS2-2021-1709"]}, {"type": "archlinux", "idList": ["ASA-202107-21"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2711-1:C6A4A", "DEBIAN:DSA-4940-1:DAB47"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-29969"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1709.NASL", "CENTOS8_RHSA-2021-2883.NASL", "DEBIAN_DLA-2711.NASL", "DEBIAN_DSA-4940.NASL", "MOZILLA_THUNDERBIRD_78_12.NASL", "OPENSUSE-2021-2458.NASL", "ORACLELINUX_ELSA-2021-2881.NASL", "ORACLELINUX_ELSA-2021-2883.NASL", "REDHAT-RHSA-2021-2881.NASL", "REDHAT-RHSA-2021-2882.NASL", "REDHAT-RHSA-2021-2883.NASL", "REDHAT-RHSA-2021-2914.NASL", "SL_20210726_THUNDERBIRD_ON_SL7_X.NASL", "SUSE_SU-2021-2458-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-2881", "ELSA-2021-2883"]}, {"type": "redhat", "idList": ["RHSA-2021:2882"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-29969"]}, {"type": "rocky", "idList": ["RLSA-2021:2883"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1091-1", "OPENSUSE-SU-2021:2458-1"]}, {"type": "ubuntu", "idList": ["USN-5058-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-29969"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "mozilla thunderbird", "version": 78}]}, "epss": [{"cve": "CVE-2021-29969", "epss": 0.00136, "percentile": 0.47625, "modified": "2023-05-07"}], "vulnersScore": 2.9}, "_state": {"dependencies": 1685211539, "score": 1685200094, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "e34f9c2d5054268a4642f37dc451033b"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": [], "cpe23": [], "cwe": ["CWE-552"], "affectedSoftware": [{"cpeName": "mozilla:thunderbird", "version": "78.12", "operator": "lt", "name": "mozilla thunderbird"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:78.12:*:*:*:*:*:*:*", "versionEndExcluding": "78.12", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://www.mozilla.org/security/advisories/mfsa2021-30/", "name": "https://www.mozilla.org/security/advisories/mfsa2021-30/", "refsource": "MISC", "tags": ["Vendor Advisory"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1682370", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1682370", "refsource": "MISC", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"]}, {"url": "https://security.gentoo.org/glsa/202208-14", "name": "GLSA-202208-14", "refsource": "GENTOO", "tags": ["Third Party Advisory"]}], "product_info": [{"vendor": "Mozilla", "product": "Thunderbird"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"description": "IMAP server responses sent by a MITM prior to STARTTLS could be processed", "lang": "en", "type": "text"}]}], "exploits": [], "assigned": "1976-01-01T00:00:00"}

{"debiancve": [{"lastseen": "2023-05-27T15:16:41", "description": "If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability affects Thunderbird < 78.12.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-05T20:15:00", "type": "debiancve", "title": "CVE-2021-29969", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969"], "modified": "2021-08-05T20:15:00", "id": "DEBIANCVE:CVE-2021-29969", "href": "https://security-tracker.debian.org/tracker/CVE-2021-29969", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2023-05-19T14:48:44", "description": "The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:2883 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability affects Thunderbird < 78.12. (CVE-2021-29969)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : thunderbird (RLSA-2021:2883)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:thunderbird", "p-cpe:/a:rocky:linux:thunderbird-debuginfo", "p-cpe:/a:rocky:linux:thunderbird-debugsource", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2021-2883.NASL", "href": "https://www.tenable.com/plugins/nessus/157838", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2021:2883.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157838);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\"CVE-2021-29969\");\n script_xref(name:\"RLSA\", value:\"2021:2883\");\n\n script_name(english:\"Rocky Linux 8 : thunderbird (RLSA-2021:2883)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nRLSA-2021:2883 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server\n responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected\n data. This could have resulted in Thunderbird showing incorrect information, for example the attacker\n could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability\n affects Thunderbird < 78.12. (CVE-2021-29969)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2021:2883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1970109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1982013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1982014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1982015\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird, thunderbird-debuginfo and / or thunderbird-debugsource packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29969\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:thunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RockyLinux/release');\nif (isnull(release) || 'Rocky Linux' >!< release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'thunderbird-78.12.0-3.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.12.0-3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-debuginfo-78.12.0-3.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-debuginfo-78.12.0-3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-debugsource-78.12.0-3.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-debugsource-78.12.0-3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird / thunderbird-debuginfo / thunderbird-debugsource');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:21:21", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2882 advisory.\n\n - Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-26T00:00:00", "type": "nessus", "title": "RHEL 8 : thunderbird (RHSA-2021:2882)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:thunderbird"], "id": "REDHAT-RHSA-2021-2882.NASL", "href": "https://www.tenable.com/plugins/nessus/152077", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2882. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152077);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2882\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n\n script_name(english:\"RHEL 8 : thunderbird (RHSA-2021:2882)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2882 advisory.\n\n - Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1970109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982015\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(120, 345, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.1/ppc64le/appstream/os',\n 'content/eus/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.1/ppc64le/baseos/os',\n 'content/eus/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap/os',\n 'content/eus/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/appstream/debug',\n 'content/eus/rhel8/8.1/x86_64/appstream/os',\n 'content/eus/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/baseos/debug',\n 'content/eus/rhel8/8.1/x86_64/baseos/os',\n 'content/eus/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.1/x86_64/highavailability/os',\n 'content/eus/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap/debug',\n 'content/eus/rhel8/8.1/x86_64/sap/os',\n 'content/eus/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.1/x86_64/supplementary/os',\n 'content/eus/rhel8/8.1/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.12.0-2.el8_1', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.12.0-2.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:11:55", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-2881 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-27T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : thunderbird (ELSA-2021-2881)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:thunderbird"], "id": "ORACLELINUX_ELSA-2021-2881.NASL", "href": "https://www.tenable.com/plugins/nessus/152095", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-2881.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152095);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"Oracle Linux 7 : thunderbird (ELSA-2021-2881)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2021-2881 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory\n safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory\n corruption and we presume that with enough effort some of these could have been exploited to run arbitrary\n code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server\n responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected\n data. This could have resulted in Thunderbird showing incorrect information, for example the attacker\n could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-2881.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'thunderbird-78.12.0-2.0.1.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.12.0-2.0.1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:20:18", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2881 advisory.\n\n - Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-26T00:00:00", "type": "nessus", "title": "RHEL 7 : thunderbird (RHSA-2021:2881)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:thunderbird"], "id": "REDHAT-RHSA-2021-2881.NASL", "href": "https://www.tenable.com/plugins/nessus/152074", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2881. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152074);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2881\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n\n script_name(english:\"RHEL 7 : thunderbird (RHSA-2021:2881)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2881 advisory.\n\n - Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1970109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982015\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(120, 345, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.12.0-2.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.12.0-2.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:51", "description": "The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-2883 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-27T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : thunderbird (ELSA-2021-2883)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:thunderbird"], "id": "ORACLELINUX_ELSA-2021-2883.NASL", "href": "https://www.tenable.com/plugins/nessus/152093", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-2883.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152093);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"Oracle Linux 8 : thunderbird (ELSA-2021-2883)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2021-2883 advisory.\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory\n safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory\n corruption and we presume that with enough effort some of these could have been exploited to run arbitrary\n code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server\n responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected\n data. This could have resulted in Thunderbird showing incorrect information, for example the attacker\n could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-2883.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'thunderbird-78.12.0-3.0.1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.12.0-3.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:58", "description": "The version of Thunderbird installed on the remote Windows host is prior to 78.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-30 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Thunderbird when accessibility was enabled. (CVE-2021-29970)\n\n - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. (CVE-2021-30547)\n\n - Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and Olli Pettay reported memory safety bugs present in Thunderbird 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.\n (CVE-2021-29976)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-13T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird < 78.12", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-07-16T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_78_12.NASL", "href": "https://www.tenable.com/plugins/nessus/151613", "sourceData": "#%NASL_MIN_LEVEL 70300\n## \n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2021-30.\n# The text itself is copyright (C) Mozilla Foundation.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151613);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/16\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"Mozilla Thunderbird < 78.12\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A mail client installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Thunderbird installed on the remote Windows host is prior to 78.12. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the mfsa2021-30 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server\n responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected\n data. This could have resulted in Thunderbird showing incorrect information, for example the attacker\n could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. This bug only affected Thunderbird when accessibility was enabled. (CVE-2021-29970)\n\n - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially\n exploitable crash. (CVE-2021-30547)\n\n - Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and Olli Pettay reported memory\n safety bugs present in Thunderbird 78.11. Some of these bugs showed evidence of memory corruption and we\n presume that with enough effort some of these could have been exploited to run arbitrary code.\n (CVE-2021-29976)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Thunderbird version 78.12 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nport = get_kb_item('SMB/transport');\nif (!port) port = 445;\n\ninstalls = get_kb_list('SMB/Mozilla/Thunderbird/*');\nif (isnull(installs)) audit(AUDIT_NOT_INST, 'Thunderbird');\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'78.12', severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:12", "description": "The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2711 advisory.\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-19T00:00:00", "type": "nessus", "title": "Debian DLA-2711-1 : thunderbird - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:calendar-google-provider", "p-cpe:/a:debian:debian_linux:icedove", "p-cpe:/a:debian:debian_linux:icedove-dbg", "p-cpe:/a:debian:debian_linux:icedove-dev", "p-cpe:/a:debian:debian_linux:icedove-l10n-all", "p-cpe:/a:debian:debian_linux:icedove-l10n-ar", "p-cpe:/a:debian:debian_linux:icedove-l10n-ast", "p-cpe:/a:debian:debian_linux:icedove-l10n-be", "p-cpe:/a:debian:debian_linux:icedove-l10n-bg", "p-cpe:/a:debian:debian_linux:icedove-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:icedove-l10n-br", "p-cpe:/a:debian:debian_linux:icedove-l10n-ca", "p-cpe:/a:debian:debian_linux:icedove-l10n-cs", "p-cpe:/a:debian:debian_linux:icedove-l10n-da", "p-cpe:/a:debian:debian_linux:icedove-l10n-de", "p-cpe:/a:debian:debian_linux:icedove-l10n-dsb", "p-cpe:/a:debian:debian_linux:icedove-l10n-el", "p-cpe:/a:debian:debian_linux:icedove-l10n-en-gb", "p-cpe:/a:debian:debian_linux:icedove-l10n-es-ar", "p-cpe:/a:debian:debian_linux:icedove-l10n-es-es", "p-cpe:/a:debian:debian_linux:icedove-l10n-et", "p-cpe:/a:debian:debian_linux:icedove-l10n-eu", "p-cpe:/a:debian:debian_linux:icedove-l10n-fi", "p-cpe:/a:debian:debian_linux:icedove-l10n-fr", "p-cpe:/a:debian:debian_linux:icedove-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:icedove-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:icedove-l10n-gd", "p-cpe:/a:debian:debian_linux:icedove-l10n-gl", "p-cpe:/a:debian:debian_linux:icedove-l10n-he", "p-cpe:/a:debian:debian_linux:icedove-l10n-hr", "p-cpe:/a:debian:debian_linux:icedove-l10n-hsb", "p-cpe:/a:debian:debian_linux:icedove-l10n-hu", "p-cpe:/a:debian:debian_linux:icedove-l10n-hy-am", "p-cpe:/a:debian:debian_linux:icedove-l10n-id", "p-cpe:/a:debian:debian_linux:icedove-l10n-is", "p-cpe:/a:debian:debian_linux:icedove-l10n-it", "p-cpe:/a:debian:debian_linux:icedove-l10n-ja", "p-cpe:/a:debian:debian_linux:icedove-l10n-kab", "p-cpe:/a:debian:debian_linux:icedove-l10n-ko", "p-cpe:/a:debian:debian_linux:icedove-l10n-lt", "p-cpe:/a:debian:debian_linux:icedove-l10n-nb-no", "p-cpe:/a:debian:debian_linux:icedove-l10n-nl", "p-cpe:/a:debian:debian_linux:icedove-l10n-nn-no", "p-cpe:/a:debian:debian_linux:icedove-l10n-pa-in", "p-cpe:/a:debian:debian_linux:icedove-l10n-pl", "p-cpe:/a:debian:debian_linux:icedove-l10n-pt-br", "p-cpe:/a:debian:debian_linux:icedove-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:icedove-l10n-rm", "p-cpe:/a:debian:debian_linux:icedove-l10n-ro", "p-cpe:/a:debian:debian_linux:icedove-l10n-ru", "p-cpe:/a:debian:debian_linux:icedove-l10n-si", "p-cpe:/a:debian:debian_linux:icedove-l10n-sk", "p-cpe:/a:debian:debian_linux:icedove-l10n-sl", "p-cpe:/a:debian:debian_linux:icedove-l10n-sq", "p-cpe:/a:debian:debian_linux:icedove-l10n-sr", "p-cpe:/a:debian:debian_linux:icedove-l10n-sv-se", "p-cpe:/a:debian:debian_linux:icedove-l10n-ta-lk", "p-cpe:/a:debian:debian_linux:icedove-l10n-tr", "p-cpe:/a:debian:debian_linux:icedove-l10n-uk", "p-cpe:/a:debian:debian_linux:icedove-l10n-vi", "p-cpe:/a:debian:debian_linux:icedove-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:icedove-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:iceowl-extension", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ar", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ast", "p-cpe:/a:debian:debian_linux:iceowl-l10n-be", "p-cpe:/a:debian:debian_linux:iceowl-l10n-bg", "p-cpe:/a:debian:debian_linux:iceowl-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:iceowl-l10n-br", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ca", "p-cpe:/a:debian:debian_linux:iceowl-l10n-cs", "p-cpe:/a:debian:debian_linux:iceowl-l10n-cy", "p-cpe:/a:debian:debian_linux:iceowl-l10n-da", "p-cpe:/a:debian:debian_linux:iceowl-l10n-de", "p-cpe:/a:debian:debian_linux:iceowl-l10n-dsb", "p-cpe:/a:debian:debian_linux:iceowl-l10n-el", "p-cpe:/a:debian:debian_linux:iceowl-l10n-en-gb", "p-cpe:/a:debian:debian_linux:iceowl-l10n-es-ar", "p-cpe:/a:debian:debian_linux:iceowl-l10n-es-es", "p-cpe:/a:debian:debian_linux:iceowl-l10n-et", "p-cpe:/a:debian:debian_linux:iceowl-l10n-eu", "p-cpe:/a:debian:debian_linux:lightning-l10n-ro", "p-cpe:/a:debian:debian_linux:lightning-l10n-ru", "p-cpe:/a:debian:debian_linux:lightning-l10n-si", "p-cpe:/a:debian:debian_linux:lightning-l10n-sk", "p-cpe:/a:debian:debian_linux:lightning-l10n-sl", "p-cpe:/a:debian:debian_linux:lightning-l10n-sq", "p-cpe:/a:debian:debian_linux:lightning-l10n-sr", "p-cpe:/a:debian:debian_linux:lightning-l10n-sv-se", "p-cpe:/a:debian:debian_linux:lightning-l10n-ta-lk", "p-cpe:/a:debian:debian_linux:lightning-l10n-tr", "p-cpe:/a:debian:debian_linux:lightning-l10n-uk", "p-cpe:/a:debian:debian_linux:lightning-l10n-vi", "p-cpe:/a:debian:debian_linux:lightning-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:lightning-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:thunderbird", "p-cpe:/a:debian:debian_linux:thunderbird-dbg", "p-cpe:/a:debian:debian_linux:thunderbird-dev", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-all", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ar", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ast", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-be", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-bg", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-br", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ca", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-cak", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-cs", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-cy", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-da", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-de", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-dsb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-el", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-en-gb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-ar", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-es", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-et", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-eu", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fi", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-gd", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-gl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-he", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hsb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hu", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hy-am", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-id", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-is", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-it", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ja", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ka", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-kab", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-kk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ko", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-lt", "p-cpe:/a:debian:debian_linux:iceowl-l10n-fi", "p-cpe:/a:debian:debian_linux:iceowl-l10n-fr", "p-cpe:/a:debian:debian_linux:iceowl-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:iceowl-l10n-gd", "p-cpe:/a:debian:debian_linux:iceowl-l10n-gl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-he", "p-cpe:/a:debian:debian_linux:iceowl-l10n-hr", "p-cpe:/a:debian:debian_linux:iceowl-l10n-hsb", "p-cpe:/a:debian:debian_linux:iceowl-l10n-hu", "p-cpe:/a:debian:debian_linux:iceowl-l10n-hy-am", "p-cpe:/a:debian:debian_linux:iceowl-l10n-id", "p-cpe:/a:debian:debian_linux:iceowl-l10n-is", "p-cpe:/a:debian:debian_linux:iceowl-l10n-it", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ja", "p-cpe:/a:debian:debian_linux:iceowl-l10n-kab", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ko", "p-cpe:/a:debian:debian_linux:iceowl-l10n-lt", "p-cpe:/a:debian:debian_linux:iceowl-l10n-nb-no", "p-cpe:/a:debian:debian_linux:iceowl-l10n-nl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-nn-no", "p-cpe:/a:debian:debian_linux:iceowl-l10n-pa-in", "p-cpe:/a:debian:debian_linux:iceowl-l10n-pl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-pt-br", "p-cpe:/a:debian:debian_linux:iceowl-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:iceowl-l10n-rm", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ro", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ru", "p-cpe:/a:debian:debian_linux:iceowl-l10n-si", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sk", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sq", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sr", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sv-se", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ta-lk", "p-cpe:/a:debian:debian_linux:iceowl-l10n-tr", "p-cpe:/a:debian:debian_linux:iceowl-l10n-uk", "p-cpe:/a:debian:debian_linux:iceowl-l10n-vi", "p-cpe:/a:debian:debian_linux:iceowl-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:iceowl-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:lightning", "p-cpe:/a:debian:debian_linux:lightning-l10n-ar", "p-cpe:/a:debian:debian_linux:lightning-l10n-ast", "p-cpe:/a:debian:debian_linux:lightning-l10n-be", "p-cpe:/a:debian:debian_linux:lightning-l10n-bg", "p-cpe:/a:debian:debian_linux:lightning-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:lightning-l10n-br", "p-cpe:/a:debian:debian_linux:lightning-l10n-ca", "p-cpe:/a:debian:debian_linux:lightning-l10n-cs", "p-cpe:/a:debian:debian_linux:lightning-l10n-cy", "p-cpe:/a:debian:debian_linux:lightning-l10n-da", "p-cpe:/a:debian:debian_linux:lightning-l10n-de", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ms", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nb-no", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nn-no", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pa-in", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-br", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-rm", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ro", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ru", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-si", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sq", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sv-se", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ta-lk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-tr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-uk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-uz", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-vi", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-tw", "cpe:/o:debian:debian_linux:9.0", "p-cpe:/a:debian:debian_linux:lightning-l10n-dsb", "p-cpe:/a:debian:debian_linux:lightning-l10n-el", "p-cpe:/a:debian:debian_linux:lightning-l10n-en-gb", "p-cpe:/a:debian:debian_linux:lightning-l10n-es-ar", "p-cpe:/a:debian:debian_linux:lightning-l10n-es-es", "p-cpe:/a:debian:debian_linux:lightning-l10n-et", "p-cpe:/a:debian:debian_linux:lightning-l10n-eu", "p-cpe:/a:debian:debian_linux:lightning-l10n-fi", "p-cpe:/a:debian:debian_linux:lightning-l10n-fr", "p-cpe:/a:debian:debian_linux:lightning-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:lightning-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:lightning-l10n-gd", "p-cpe:/a:debian:debian_linux:lightning-l10n-gl", "p-cpe:/a:debian:debian_linux:lightning-l10n-he", "p-cpe:/a:debian:debian_linux:lightning-l10n-hr", "p-cpe:/a:debian:debian_linux:lightning-l10n-hsb", "p-cpe:/a:debian:debian_linux:lightning-l10n-hu", "p-cpe:/a:debian:debian_linux:lightning-l10n-hy-am", "p-cpe:/a:debian:debian_linux:lightning-l10n-id", "p-cpe:/a:debian:debian_linux:lightning-l10n-is", "p-cpe:/a:debian:debian_linux:lightning-l10n-it", "p-cpe:/a:debian:debian_linux:lightning-l10n-ja", "p-cpe:/a:debian:debian_linux:lightning-l10n-kab", "p-cpe:/a:debian:debian_linux:lightning-l10n-kk", "p-cpe:/a:debian:debian_linux:lightning-l10n-ko", "p-cpe:/a:debian:debian_linux:lightning-l10n-lt", "p-cpe:/a:debian:debian_linux:lightning-l10n-ms", "p-cpe:/a:debian:debian_linux:lightning-l10n-nb-no", "p-cpe:/a:debian:debian_linux:lightning-l10n-nl", "p-cpe:/a:debian:debian_linux:lightning-l10n-nn-no", "p-cpe:/a:debian:debian_linux:lightning-l10n-pa-in", "p-cpe:/a:debian:debian_linux:lightning-l10n-pl", "p-cpe:/a:debian:debian_linux:lightning-l10n-pt-br", "p-cpe:/a:debian:debian_linux:lightning-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:lightning-l10n-rm"], "id": "DEBIAN_DLA-2711.NASL", "href": "https://www.tenable.com/plugins/nessus/151812", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-2711. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151812);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"Debian DLA-2711-1 : thunderbird - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-2711 advisory.\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/thunderbird\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2021/dla-2711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-29969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/stretch/thunderbird\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the thunderbird packages.\n\nFor Debian 9 stretch, these problems have been fixed in version 1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:calendar-google-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-extension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-cak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nrelease = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nrelease = chomp(release);\nif (! preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\npkgs = [\n {'release': '9.0', 'prefix': 'calendar-google-provider', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-dbg', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-dev', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-all', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-ar', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-ast', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-be', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-bg', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-bn-bd', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-br', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-ca', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-cs', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-da', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-de', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-dsb', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-el', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-en-gb', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-es-ar', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-es-es', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-et', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-eu', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-fi', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-fr', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-fy-nl', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-ga-ie', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-gd', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-gl', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-he', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-hr', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-hsb', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-hu', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-hy-am', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-id', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-is', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-it', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-ja', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-kab', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-ko', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-lt', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-nb-no', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-nl', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-nn-no', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-pa-in', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-pl', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-pt-br', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-pt-pt', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-rm', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-ro', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-ru', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-si', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-sk', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-sl', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-sq', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-sr', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-sv-se', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-ta-lk', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-tr', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-uk', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-vi', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-zh-cn', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-zh-tw', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-extension', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-ar', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-ast', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-be', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-bg', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-bn-bd', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-br', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-ca', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-cs', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-cy', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-da', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-de', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-dsb', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-el', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-en-gb', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-es-ar', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-es-es', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-et', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-eu', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-fi', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-fr', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-fy-nl', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-ga-ie', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-gd', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-gl', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-he', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-hr', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-hsb', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-hu', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-hy-am', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-id', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-is', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-it', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-ja', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-kab', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-ko', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-lt', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-nb-no', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-nl', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-nn-no', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-pa-in', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-pl', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-pt-br', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-pt-pt', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-rm', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-ro', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-ru', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-si', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-sk', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-sl', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-sq', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-sr', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-sv-se', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-ta-lk', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-tr', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-uk', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-vi', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-zh-cn', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-zh-tw', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-ar', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-ast', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-be', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-bg', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-bn-bd', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-br', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-ca', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-cs', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-cy', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-da', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-de', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-dsb', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-el', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-en-gb', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-es-ar', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-es-es', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-et', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-eu', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-fi', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-fr', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-fy-nl', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-ga-ie', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-gd', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-gl', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-he', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-hr', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-hsb', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-hu', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-hy-am', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-id', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-is', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-it', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-ja', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-kab', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-kk', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-ko', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-lt', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-ms', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-nb-no', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-nl', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-nn-no', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-pa-in', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-pl', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-pt-br', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-pt-pt', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-rm', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-ro', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-ru', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-si', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-sk', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-sl', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-sq', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-sr', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-sv-se', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-ta-lk', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-tr', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-uk', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-vi', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-zh-cn', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-zh-tw', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-dbg', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-dev', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-all', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-ar', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-ast', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-be', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-bg', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-bn-bd', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-br', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-ca', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-cak', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-cs', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-cy', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-da', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-de', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-dsb', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-el', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-en-gb', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-es-ar', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-es-es', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-et', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-eu', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-fi', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-fr', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-fy-nl', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-ga-ie', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-gd', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-gl', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-he', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-hr', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-hsb', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-hu', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-hy-am', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-id', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-is', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-it', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-ja', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-ka', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-kab', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-kk', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-ko', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-lt', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-ms', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-nb-no', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-nl', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-nn-no', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-pa-in', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-pl', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-pt-br', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-pt-pt', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-rm', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-ro', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-ru', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-si', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-sk', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-sl', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-sq', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-sr', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-sv-se', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-ta-lk', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-tr', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-uk', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-uz', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-vi', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-zh-cn', 'reference': '1:78.12.0-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-zh-tw', 'reference': '1:78.12.0-1~deb9u1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n release = NULL;\n prefix = NULL;\n reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'calendar-google-provider / icedove / icedove-dbg / icedove-dev / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:15", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1091-1 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-05T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:1091-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozillathunderbird", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1091.NASL", "href": "https://www.tenable.com/plugins/nessus/152219", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1091-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152219);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:1091-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1091-1 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server\n responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected\n data. This could have resulted in Thunderbird showing incorrect information, for example the attacker\n could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory\n safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory\n corruption and we presume that with enough effort some of these could have been exploited to run arbitrary\n code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188275\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ABQT6TDIB2IQ4ZZNUZXMHLE7ZDVD4YBM/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d3459991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected MozillaThunderbird, MozillaThunderbird-translations-common and / or MozillaThunderbird-translations-\nother packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'MozillaThunderbird-78.12.0-lp152.2.48.2', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaThunderbird / MozillaThunderbird-translations-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:41", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2458-1 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-23T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:2458-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozillathunderbird", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-2458.NASL", "href": "https://www.tenable.com/plugins/nessus/152010", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:2458-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152010);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:2458-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:2458-1 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server\n responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected\n data. This could have resulted in Thunderbird showing incorrect information, for example the attacker\n could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)\n\n - Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory\n safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory\n corruption and we presume that with enough effort some of these could have been exploited to run arbitrary\n code. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188275\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AQOPHIOAWOQQLB7SCESJM5UI67QUVORM/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ef44ebb7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected MozillaThunderbird, MozillaThunderbird-translations-common and / or MozillaThunderbird-translations-\nother packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'MozillaThunderbird-78.12.0-8.33.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaThunderbird-translations-common-78.12.0-8.33.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaThunderbird-translations-other-78.12.0-8.33.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaThunderbird / MozillaThunderbird-translations-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:52", "description": "The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2021:2881-1 advisory.\n\n - Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-26T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2021:2881)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:thunderbird", "p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo"], "id": "SL_20210726_THUNDERBIRD_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/152086", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152086);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"RHSA\", value:\"RHSA-2021:2881\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2021:2881)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SLSA-2021:2881-1 advisory.\n\n - Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20212881-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Scientific Linux' >!< release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nvar os_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\nvar pkgs = [\n {'reference':'thunderbird-78.12.0-2.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-debuginfo-78.12.0-2.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird / thunderbird-debuginfo');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:27:49", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2458-1 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability affects Thunderbird < 78.12. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. (CVE-2021-29970)\n\n - Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird.\n Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-23T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2021:2458-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mozillathunderbird", "p-cpe:/a:novell:suse_linux:mozillathunderbird-translations-common", "p-cpe:/a:novell:suse_linux:mozillathunderbird-translations-other", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-2458-1.NASL", "href": "https://www.tenable.com/plugins/nessus/152023", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2458-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152023);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2458-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2021:2458-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:2458-1 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server\n responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected\n data. This could have resulted in Thunderbird showing incorrect information, for example the attacker\n could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability\n affects Thunderbird < 78.12. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability\n affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. (CVE-2021-29970)\n\n - Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird.\n Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of\n these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12,\n Firefox ESR < 78.12, and Firefox < 90. (CVE-2021-29976)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30547\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-July/009206.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f4176a25\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected MozillaThunderbird, MozillaThunderbird-translations-common and / or MozillaThunderbird-translations-\nother packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'MozillaThunderbird-78.12.0-8.33.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'MozillaThunderbird-78.12.0-8.33.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'MozillaThunderbird-translations-common-78.12.0-8.33.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'MozillaThunderbird-translations-common-78.12.0-8.33.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'MozillaThunderbird-translations-other-78.12.0-8.33.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'MozillaThunderbird-translations-other-78.12.0-8.33.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'MozillaThunderbird-78.12.0-8.33.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'MozillaThunderbird-78.12.0-8.33.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'MozillaThunderbird-translations-common-78.12.0-8.33.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'MozillaThunderbird-translations-common-78.12.0-8.33.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'MozillaThunderbird-translations-other-78.12.0-8.33.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'MozillaThunderbird-translations-other-78.12.0-8.33.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaThunderbird / MozillaThunderbird-translations-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:47", "description": "The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4940 advisory.\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-18T00:00:00", "type": "nessus", "title": "Debian DSA-4940-1 : thunderbird - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:calendar-google-provider", "p-cpe:/a:debian:debian_linux:lightning", "p-cpe:/a:debian:debian_linux:lightning-l10n-ar", "p-cpe:/a:debian:debian_linux:lightning-l10n-ast", "p-cpe:/a:debian:debian_linux:lightning-l10n-be", "p-cpe:/a:debian:debian_linux:lightning-l10n-bg", "p-cpe:/a:debian:debian_linux:lightning-l10n-br", "p-cpe:/a:debian:debian_linux:lightning-l10n-ca", "p-cpe:/a:debian:debian_linux:lightning-l10n-cs", "p-cpe:/a:debian:debian_linux:lightning-l10n-cy", "p-cpe:/a:debian:debian_linux:lightning-l10n-da", "p-cpe:/a:debian:debian_linux:lightning-l10n-de", "p-cpe:/a:debian:debian_linux:lightning-l10n-dsb", "p-cpe:/a:debian:debian_linux:lightning-l10n-el", "p-cpe:/a:debian:debian_linux:lightning-l10n-en-gb", "p-cpe:/a:debian:debian_linux:lightning-l10n-es-ar", "p-cpe:/a:debian:debian_linux:lightning-l10n-es-es", "p-cpe:/a:debian:debian_linux:lightning-l10n-et", "p-cpe:/a:debian:debian_linux:lightning-l10n-eu", "p-cpe:/a:debian:debian_linux:lightning-l10n-fi", "p-cpe:/a:debian:debian_linux:lightning-l10n-fr", "p-cpe:/a:debian:debian_linux:lightning-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:lightning-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:lightning-l10n-gd", "p-cpe:/a:debian:debian_linux:lightning-l10n-gl", "p-cpe:/a:debian:debian_linux:lightning-l10n-he", "p-cpe:/a:debian:debian_linux:lightning-l10n-hr", "p-cpe:/a:debian:debian_linux:lightning-l10n-hsb", "p-cpe:/a:debian:debian_linux:lightning-l10n-hu", "p-cpe:/a:debian:debian_linux:lightning-l10n-hy-am", "p-cpe:/a:debian:debian_linux:lightning-l10n-id", "p-cpe:/a:debian:debian_linux:lightning-l10n-is", "p-cpe:/a:debian:debian_linux:lightning-l10n-it", "p-cpe:/a:debian:debian_linux:lightning-l10n-ja", "p-cpe:/a:debian:debian_linux:lightning-l10n-kab", "p-cpe:/a:debian:debian_linux:lightning-l10n-kk", "p-cpe:/a:debian:debian_linux:lightning-l10n-ko", "p-cpe:/a:debian:debian_linux:lightning-l10n-lt", "p-cpe:/a:debian:debian_linux:lightning-l10n-ms", "p-cpe:/a:debian:debian_linux:lightning-l10n-nb-no", "p-cpe:/a:debian:debian_linux:lightning-l10n-nl", "p-cpe:/a:debian:debian_linux:lightning-l10n-nn-no", "p-cpe:/a:debian:debian_linux:lightning-l10n-pl", "p-cpe:/a:debian:debian_linux:lightning-l10n-pt-br", "p-cpe:/a:debian:debian_linux:lightning-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:lightning-l10n-rm", "p-cpe:/a:debian:debian_linux:lightning-l10n-ro", "p-cpe:/a:debian:debian_linux:lightning-l10n-ru", "p-cpe:/a:debian:debian_linux:lightning-l10n-si", "p-cpe:/a:debian:debian_linux:lightning-l10n-sk", "p-cpe:/a:debian:debian_linux:lightning-l10n-sl", "p-cpe:/a:debian:debian_linux:lightning-l10n-sq", "p-cpe:/a:debian:debian_linux:lightning-l10n-sr", "p-cpe:/a:debian:debian_linux:lightning-l10n-sv-se", "p-cpe:/a:debian:debian_linux:lightning-l10n-tr", "p-cpe:/a:debian:debian_linux:lightning-l10n-uk", "p-cpe:/a:debian:debian_linux:lightning-l10n-vi", "p-cpe:/a:debian:debian_linux:lightning-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:lightning-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:thunderbird", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-all", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ar", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ast", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-cak", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-be", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-bg", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-br", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-cs", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ca", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-vi", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-cy", "cpe:/o:debian:debian_linux:10.0", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-da", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-de", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-dsb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-el", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-en-gb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-ar", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-es", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-et", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-eu", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fi", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-gd", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-gl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-he", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hsb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hu", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hy-am", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-id", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-is", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-it", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ja", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ka", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-kab", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-kk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ko", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-lt", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ms", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nb-no", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nn-no", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-br", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-rm", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ro", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ru", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-si", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sq", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sv-se", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-tr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-uk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-uz"], "id": "DEBIAN_DSA-4940.NASL", "href": "https://www.tenable.com/plugins/nessus/151807", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-4940. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151807);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"Debian DSA-4940-1 : thunderbird - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-4940 advisory.\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/thunderbird\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2021/dsa-4940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-29969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/thunderbird\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the thunderbird packages.\n\nFor the stable distribution (buster), these problems have been fixed in version 1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:calendar-google-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-cak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nrelease = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nrelease = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + release);\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\npkgs = [\n {'release': '10.0', 'prefix': 'calendar-google-provider', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-ar', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-ast', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-be', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-bg', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-br', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-ca', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-cs', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-cy', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-da', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-de', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-dsb', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-el', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-en-gb', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-es-ar', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-es-es', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-et', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-eu', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-fi', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-fr', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-fy-nl', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-ga-ie', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-gd', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-gl', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-he', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-hr', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-hsb', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-hu', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-hy-am', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-id', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-is', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-it', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-ja', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-kab', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-kk', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-ko', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-lt', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-ms', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-nb-no', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-nl', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-nn-no', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-pl', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-pt-br', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-pt-pt', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-rm', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-ro', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-ru', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-si', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-sk', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-sl', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-sq', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-sr', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-sv-se', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-tr', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-uk', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-vi', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-zh-cn', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning-l10n-zh-tw', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-all', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ar', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ast', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-be', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-bg', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-br', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ca', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-cak', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-cs', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-cy', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-da', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-de', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-dsb', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-el', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-en-gb', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-es-ar', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-es-es', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-et', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-eu', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-fi', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-fr', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-fy-nl', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ga-ie', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-gd', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-gl', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-he', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-hr', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-hsb', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-hu', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-hy-am', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-id', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-is', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-it', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ja', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ka', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-kab', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-kk', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ko', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-lt', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ms', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-nb-no', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-nl', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-nn-no', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-pl', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-pt-br', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-pt-pt', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-rm', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ro', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ru', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-si', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-sk', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-sl', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-sq', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-sr', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-sv-se', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-tr', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-uk', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-uz', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-vi', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-zh-cn', 'reference': '1:78.12.0-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-zh-tw', 'reference': '1:78.12.0-1~deb10u1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n release = NULL;\n prefix = NULL;\n reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'calendar-google-provider / lightning / lightning-l10n-ar / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:20:50", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2883 advisory.\n\n - Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-26T00:00:00", "type": "nessus", "title": "RHEL 8 : thunderbird (RHSA-2021:2883)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:thunderbird", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2021-2883.NASL", "href": "https://www.tenable.com/plugins/nessus/152076", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2883. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152076);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"RHSA\", value:\"2021:2883\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n\n script_name(english:\"RHEL 8 : thunderbird (RHSA-2021:2883)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2883 advisory.\n\n - Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1970109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982015\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(120, 345, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.12.0-3.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.12.0-3.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.12.0-3.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:21:22", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2914 advisory.\n\n - Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-27T00:00:00", "type": "nessus", "title": "RHEL 8 : thunderbird (RHSA-2021:2914)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:thunderbird"], "id": "REDHAT-RHSA-2021-2914.NASL", "href": "https://www.tenable.com/plugins/nessus/152097", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2914. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152097);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2914\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n\n script_name(english:\"RHEL 8 : thunderbird (RHSA-2021:2914)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2914 advisory.\n\n - Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1970109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1982015\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(120, 345, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-78.12.0-2.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.12.0-2.el8_2', 'sp':'2', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.12.0-2.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:04", "description": "The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-30 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Thunderbird when accessibility was enabled. (CVE-2021-29970)\n\n - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. (CVE-2021-30547)\n\n - Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and Olli Pettay reported memory safety bugs present in Thunderbird 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.\n (CVE-2021-29976)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-13T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird < 78.12", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-07-16T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MACOS_THUNDERBIRD_78_12.NASL", "href": "https://www.tenable.com/plugins/nessus/151612", "sourceData": "#%NASL_MIN_LEVEL 70300\n## \n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2021-30.\n# The text itself is copyright (C) Mozilla Foundation.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151612);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/16\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"Mozilla Thunderbird < 78.12\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A mail client installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.12. It is, therefore, affected\nby multiple vulnerabilities as referenced in the mfsa2021-30 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server\n responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected\n data. This could have resulted in Thunderbird showing incorrect information, for example the attacker\n could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. This bug only affected Thunderbird when accessibility was enabled. (CVE-2021-29970)\n\n - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially\n exploitable crash. (CVE-2021-30547)\n\n - Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and Olli Pettay reported memory\n safety bugs present in Thunderbird 78.11. Some of these bugs showed evidence of memory corruption and we\n presume that with enough effort some of these could have been exploited to run arbitrary code.\n (CVE-2021-29976)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Thunderbird version 78.12 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Installed\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nkb_base = 'MacOSX/Thunderbird';\nget_kb_item_or_exit(kb_base+'/Installed');\n\nversion = get_kb_item_or_exit(kb_base+'/Version', exit_code:1);\npath = get_kb_item_or_exit(kb_base+'/Path', exit_code:1);\n\nis_esr = get_kb_item(kb_base+'/is_esr');\nif (is_esr) exit(0, 'The Mozilla Thunderbird installation is in the ESR branch.');\n\nmozilla_check_version(version:version, path:path, product:'thunderbird', esr:FALSE, fix:'78.12', severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:22", "description": "The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:2883 advisory.\n\n - Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-01T00:00:00", "type": "nessus", "title": "CentOS 8 : thunderbird (CESA-2021:2883)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-12T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:thunderbird"], "id": "CENTOS8_RHSA-2021-2883.NASL", "href": "https://www.tenable.com/plugins/nessus/152168", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:2883. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152168);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2883\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"CentOS 8 : thunderbird (CESA-2021:2883)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2021:2883 advisory.\n\n - Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n - Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n - Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n - chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2883\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'thunderbird-78.12.0-3.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.12.0-3.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-09T14:55:08", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5058-1 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability affects Thunderbird < 78.12. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. (CVE-2021-29970)\n\n - Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird.\n Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. (CVE-2021-29976)\n\n - Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. (CVE-2021-29980)\n\n - Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash.\n This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.\n (CVE-2021-29984)\n\n - A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. (CVE-2021-29985)\n\n - A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.\n (CVE-2021-29986)\n\n - Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. (CVE-2021-29988)\n\n - Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91. (CVE-2021-29989)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-01T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS / 21.04 : Thunderbird vulnerabilities (USN-5058-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-29980", "CVE-2021-29984", "CVE-2021-29985", "CVE-2021-29986", "CVE-2021-29988", "CVE-2021-29989", "CVE-2021-30547"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:21.04", "p-cpe:/a:canonical:ubuntu_linux:thunderbird", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-dev", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-af", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ar", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ast", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-be", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bg", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn-bd", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-br", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ca", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cak", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cs", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cy", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-da", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-de", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-dsb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-el", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-gb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-us", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-ar", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-es", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-et", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-eu", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fa", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fi", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy-nl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga-ie", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gd", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-he", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hsb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hu", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hy", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-id", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-is", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-it", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ja", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ka", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kab", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ko", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-lt", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-mk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ms", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb-no", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn-no", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa-in", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-br", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-pt", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-rm", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ro", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ru", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-si", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sq", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv-se", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta-lk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-th", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-tr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uz", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-vi", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-cn", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hans", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hant", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-tw", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-mozsymbols", "p-cpe:/a:canonical:ubuntu_linux:xul-ext-calendar-timezones", "p-cpe:/a:canonical:ubuntu_linux:xul-ext-gdata-provider", "p-cpe:/a:canonical:ubuntu_linux:xul-ext-lightning"], "id": "UBUNTU_USN-5058-1.NASL", "href": "https://www.tenable.com/plugins/nessus/152953", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5058-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152953);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-29980\",\n \"CVE-2021-29984\",\n \"CVE-2021-29985\",\n \"CVE-2021-29986\",\n \"CVE-2021-29988\",\n \"CVE-2021-29989\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"USN\", value:\"5058-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0366-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS / 21.04 : Thunderbird vulnerabilities (USN-5058-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.04 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-5058-1 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server\n responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected\n data. This could have resulted in Thunderbird showing incorrect information, for example the attacker\n could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability\n affects Thunderbird < 78.12. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability\n affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. (CVE-2021-29970)\n\n - Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird.\n Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of\n these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12,\n Firefox ESR < 78.12, and Firefox < 90. (CVE-2021-29976)\n\n - Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption\n and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91,\n Firefox ESR < 78.13, and Firefox < 91. (CVE-2021-29980)\n\n - Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly\n considered during garbage collection. This led to memory corruption and a potentially exploitable crash.\n This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.\n (CVE-2021-29984)\n\n - A use-after-free vulnerability in media channels could have led to memory corruption and a potentially\n exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13,\n and Firefox < 91. (CVE-2021-29985)\n\n - A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable\n crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.*\n This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.\n (CVE-2021-29986)\n\n - Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds\n read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird <\n 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. (CVE-2021-29988)\n\n - Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13,\n and Firefox < 91. (CVE-2021-29989)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5058-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-us\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-mozsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xul-ext-calendar-timezones\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xul-ext-gdata-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xul-ext-lightning\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04|21\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04 / 21.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'thunderbird', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-dev', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-gnome-support', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-af', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ar', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ast', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-be', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-bg', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-bn', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-bn-bd', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-br', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ca', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-cak', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-cs', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-cy', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-da', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-de', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-dsb', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-el', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-en', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-en-gb', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-en-us', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-es', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-es-ar', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-es-es', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-et', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-eu', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-fa', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-fi', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-fr', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-fy', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-fy-nl', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ga', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ga-ie', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-gd', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-gl', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-he', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-hr', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-hsb', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-hu', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-hy', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-id', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-is', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-it', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ja', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ka', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-kab', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-kk', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ko', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-lt', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-mk', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ms', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-nb', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-nb-no', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-nl', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-nn', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-nn-no', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-pa', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-pa-in', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-pl', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-pt', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-pt-br', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-pt-pt', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-rm', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ro', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ru', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-si', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-sk', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-sl', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-sq', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-sr', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-sv', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-sv-se', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ta', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ta-lk', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-th', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-tr', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-uk', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-uz', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-vi', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-zh-cn', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-zh-hans', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-zh-hant', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-zh-tw', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-mozsymbols', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'xul-ext-calendar-timezones', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'xul-ext-gdata-provider', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'xul-ext-lightning', 'pkgver': '1:78.13.0+build1-0ubuntu0.18.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-dev', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-gnome-support', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-af', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ar', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ast', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-be', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-bg', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-bn', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-bn-bd', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-br', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ca', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-cak', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-cs', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-cy', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-da', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-de', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-dsb', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-el', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-en', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-en-gb', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-en-us', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-es', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-es-ar', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-es-es', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-et', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-eu', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-fa', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-fi', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-fr', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-fy', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-fy-nl', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ga', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ga-ie', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-gd', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-gl', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-he', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-hr', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-hsb', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-hu', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-hy', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-id', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-is', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-it', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ja', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ka', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-kab', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-kk', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ko', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-lt', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-mk', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ms', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-nb', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-nb-no', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-nl', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-nn', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-nn-no', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-pa', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-pa-in', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-pl', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-pt', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-pt-br', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-pt-pt', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-rm', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ro', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ru', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-si', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-sk', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-sl', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-sq', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-sr', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-sv', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-sv-se', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ta', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ta-lk', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-th', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-tr', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-uk', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-uz', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-vi', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-zh-cn', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-zh-hans', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-zh-hant', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-zh-tw', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'thunderbird-mozsymbols', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'xul-ext-calendar-timezones', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'xul-ext-gdata-provider', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'xul-ext-lightning', 'pkgver': '1:78.13.0+build1-0ubuntu0.20.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-dev', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-gnome-support', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-af', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-ar', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-ast', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-be', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-bg', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-bn', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-bn-bd', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-br', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-ca', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-cak', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-cs', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-cy', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-da', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-de', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-dsb', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-el', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-en', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-en-gb', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-en-us', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-es', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-es-ar', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-es-es', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-et', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-eu', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-fa', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-fi', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-fr', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-fy', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-fy-nl', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-ga', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-ga-ie', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-gd', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-gl', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-he', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-hr', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-hsb', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-hu', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-hy', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-id', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-is', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-it', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-ja', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-ka', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-kab', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-kk', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-ko', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-lt', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-mk', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-ms', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-nb', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-nb-no', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-nl', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-nn', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-nn-no', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-pa', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-pa-in', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-pl', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-pt', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-pt-br', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-pt-pt', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-rm', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-ro', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-ru', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-si', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-sk', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-sl', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-sq', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-sr', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-sv', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-sv-se', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-ta', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-ta-lk', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-th', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-tr', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-uk', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-uz', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-vi', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-zh-cn', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-zh-hans', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-zh-hant', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-locale-zh-tw', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'thunderbird-mozsymbols', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'xul-ext-calendar-timezones', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'xul-ext-gdata-provider', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'},\n {'osver': '21.04', 'pkgname': 'xul-ext-lightning', 'pkgver': '1:78.13.0+build1-0ubuntu0.21.04.2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird / thunderbird-dev / thunderbird-gnome-support / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-09T15:03:05", "description": "The version of thunderbird installed on the remote host is prior to 78.13.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1709 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability affects Thunderbird < 78.12. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. (CVE-2021-29970)\n\n - Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird.\n Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. (CVE-2021-29976)\n\n - Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. (CVE-2021-29980)\n\n - Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash.\n This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.\n (CVE-2021-29984)\n\n - A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. (CVE-2021-29985)\n\n - A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.\n (CVE-2021-29986)\n\n - Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. (CVE-2021-29988)\n\n - Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91. (CVE-2021-29989)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-16T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : thunderbird (ALAS-2021-1709)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-29980", "CVE-2021-29984", "CVE-2021-29985", "CVE-2021-29986", "CVE-2021-29988", "CVE-2021-29989", "CVE-2021-30547"], "modified": "2021-09-16T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:thunderbird", "p-cpe:/a:amazon:linux:thunderbird-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2021-1709.NASL", "href": "https://www.tenable.com/plugins/nessus/153417", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1709.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153417);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/16\");\n\n script_cve_id(\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-29980\",\n \"CVE-2021-29984\",\n \"CVE-2021-29985\",\n \"CVE-2021-29986\",\n \"CVE-2021-29988\",\n \"CVE-2021-29989\",\n \"CVE-2021-30547\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0309-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0366-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"ALAS\", value:\"2021-1709\");\n\n script_name(english:\"Amazon Linux 2 : thunderbird (ALAS-2021-1709)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of thunderbird installed on the remote host is prior to 78.13.0-1. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2021-1709 advisory.\n\n - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server\n responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected\n data. This could have resulted in Thunderbird showing incorrect information, for example the attacker\n could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability\n affects Thunderbird < 78.12. (CVE-2021-29969)\n\n - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially\n exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability\n affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. (CVE-2021-29970)\n\n - Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird.\n Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of\n these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12,\n Firefox ESR < 78.12, and Firefox < 90. (CVE-2021-29976)\n\n - Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption\n and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91,\n Firefox ESR < 78.13, and Firefox < 91. (CVE-2021-29980)\n\n - Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly\n considered during garbage collection. This led to memory corruption and a potentially exploitable crash.\n This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.\n (CVE-2021-29984)\n\n - A use-after-free vulnerability in media channels could have led to memory corruption and a potentially\n exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13,\n and Firefox < 91. (CVE-2021-29985)\n\n - A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable\n crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.*\n This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.\n (CVE-2021-29986)\n\n - Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds\n read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird <\n 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. (CVE-2021-29988)\n\n - Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13,\n and Firefox < 91. (CVE-2021-29989)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2021-1709.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29986\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update thunderbird' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30547\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'thunderbird-78.13.0-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.13.0-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-debuginfo-78.13.0-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-debuginfo-78.13.0-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-01T19:42:25", "description": "The remote host is affected by the vulnerability described in GLSA-202208-14 (Mozilla Thunderbird: Multiple Vulnerabilities)\n\n - Please review the referenced CVE identifiers for details. (CVE-2021-29967, CVE-2021-29969, CVE-2021-29970, CVE-2021-29976, CVE-2021-29980, CVE-2021-29984, CVE-2021-29985, CVE-2021-29986, CVE-2021-29988, CVE-2021-29989, CVE-2021-30547, CVE-2021-38492, CVE-2021-38493, CVE-2021-38495, CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509, CVE-2021-40529, CVE-2021-4129, CVE-2021-4140, CVE-2021-43528, CVE-2021-43529, CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546, CVE-2022-0566, CVE-2022-1196, CVE-2022-1197, CVE-2022-1520, CVE-2022-1529, CVE-2022-1802, CVE-2022-1834, CVE-2022-2200, CVE-2022-2226, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751, CVE-2022-22754, CVE-2022-22756, CVE-2022-22759, CVE-2022-22760, CVE-2022-22761, CVE-2022-22763, CVE-2022-22764, CVE-2022-24713, CVE-2022-26381, CVE-2022-26383, CVE-2022-26384, CVE-2022-26386, CVE-2022-26387, CVE-2022-26485, CVE-2022-26486, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289, CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29913, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917, CVE-2022-31736, CVE-2022-31737, CVE-2022-31738, CVE-2022-31740, CVE-2022-31741, CVE-2022-31742, CVE-2022-31747, CVE-2022-34468, CVE-2022-34470, CVE-2022-34472, CVE-2022-34478, CVE-2022-34479, CVE-2022-34481, CVE-2022-34484, CVE-2022-36318, CVE-2022-36319)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "GLSA-202208-14 : Mozilla Thunderbird: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29967", "CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-29980", "CVE-2021-29984", "CVE-2021-29985", "CVE-2021-29986", "CVE-2021-29988", "CVE-2021-29989", "CVE-2021-30547", "CVE-2021-38492", "CVE-2021-38493", "CVE-2021-38495", "CVE-2021-38503", "CVE-2021-38504", "CVE-2021-38506", "CVE-2021-38507", "CVE-2021-38508", "CVE-2021-38509", "CVE-2021-40529", "CVE-2021-4129", "CVE-2021-4140", "CVE-2021-43528", "CVE-2021-43529", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546", "CVE-2022-0566", "CVE-2022-1196", "CVE-2022-1197", "CVE-2022-1520", "CVE-2022-1529", "CVE-2022-1802", "CVE-2022-1834", "CVE-2022-2200", "CVE-2022-2226", "CVE-2022-22737", "CVE-2022-22738", "CVE-2022-22739", "CVE-2022-22740", "CVE-2022-22741", "CVE-2022-22742", "CVE-2022-22743", "CVE-2022-22745", "CVE-2022-22747", "CVE-2022-22748", "CVE-2022-22751", "CVE-2022-22754", "CVE-2022-22756", "CVE-2022-22759", "CVE-2022-22760", "CVE-2022-22761", "CVE-2022-22763", "CVE-2022-22764", "CVE-2022-24713", "CVE-2022-26381", "CVE-2022-26383", "CVE-2022-26384", "CVE-2022-26386", "CVE-2022-26387", "CVE-2022-26485", "CVE-2022-26486", "CVE-2022-28281", "CVE-2022-28282", "CVE-2022-28285", "CVE-2022-28286", "CVE-2022-28289", "CVE-2022-29909", "CVE-2022-29911", "CVE-2022-29912", "CVE-2022-29913", "CVE-2022-29914", "CVE-2022-29916", "CVE-2022-29917", "CVE-2022-31736", "CVE-2022-31737", "CVE-2022-31738", "CVE-2022-31740", "CVE-2022-31741", "CVE-2022-31742", "CVE-2022-31747", "CVE-2022-34468", "CVE-2022-34470", "CVE-2022-34472", "CVE-2022-34478", "CVE-2022-34479", "CVE-2022-34481", "CVE-2022-34484", "CVE-2022-36318", "CVE-2022-36319"], "modified": "2022-08-10T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:thunderbird", "p-cpe:/a:gentoo:linux:thunderbird-bin", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202208-14.NASL", "href": "https://www.tenable.com/plugins/nessus/163986", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202208-14.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163986);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/10\");\n\n script_cve_id(\n \"CVE-2021-4129\",\n \"CVE-2021-4140\",\n \"CVE-2021-29967\",\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-29980\",\n \"CVE-2021-29984\",\n \"CVE-2021-29985\",\n \"CVE-2021-29986\",\n \"CVE-2021-29988\",\n \"CVE-2021-29989\",\n \"CVE-2021-30547\",\n \"CVE-2021-38492\",\n \"CVE-2021-38493\",\n \"CVE-2021-38495\",\n \"CVE-2021-38503\",\n \"CVE-2021-38504\",\n \"CVE-2021-38506\",\n \"CVE-2021-38507\",\n \"CVE-2021-38508\",\n \"CVE-2021-38509\",\n \"CVE-2021-40529\",\n \"CVE-2021-43528\",\n \"CVE-2021-43529\",\n \"CVE-2021-43536\",\n \"CVE-2021-43537\",\n \"CVE-2021-43538\",\n \"CVE-2021-43539\",\n \"CVE-2021-43541\",\n \"CVE-2021-43542\",\n \"CVE-2021-43543\",\n \"CVE-2021-43545\",\n \"CVE-2021-43546\",\n \"CVE-2022-0566\",\n \"CVE-2022-1196\",\n \"CVE-2022-1197\",\n \"CVE-2022-1520\",\n \"CVE-2022-1529\",\n \"CVE-2022-1802\",\n \"CVE-2022-1834\",\n \"CVE-2022-2200\",\n \"CVE-2022-2226\",\n \"CVE-2022-22737\",\n \"CVE-2022-22738\",\n \"CVE-2022-22739\",\n \"CVE-2022-22740\",\n \"CVE-2022-22741\",\n \"CVE-2022-22742\",\n \"CVE-2022-22743\",\n \"CVE-2022-22745\",\n \"CVE-2022-22747\",\n \"CVE-2022-22748\",\n \"CVE-2022-22751\",\n \"CVE-2022-22754\",\n \"CVE-2022-22756\",\n \"CVE-2022-22759\",\n \"CVE-2022-22760\",\n \"CVE-2022-22761\",\n \"CVE-2022-22763\",\n \"CVE-2022-22764\",\n \"CVE-2022-24713\",\n \"CVE-2022-26381\",\n \"CVE-2022-26383\",\n \"CVE-2022-26384\",\n \"CVE-2022-26386\",\n \"CVE-2022-26387\",\n \"CVE-2022-26485\",\n \"CVE-2022-26486\",\n \"CVE-2022-28281\",\n \"CVE-2022-28282\",\n \"CVE-2022-28285\",\n \"CVE-2022-28286\",\n \"CVE-2022-28289\",\n \"CVE-2022-29909\",\n \"CVE-2022-29911\",\n \"CVE-2022-29912\",\n \"CVE-2022-29913\",\n \"CVE-2022-29914\",\n \"CVE-2022-29916\",\n \"CVE-2022-29917\",\n \"CVE-2022-31736\",\n \"CVE-2022-31737\",\n \"CVE-2022-31738\",\n \"CVE-2022-31740\",\n \"CVE-2022-31741\",\n \"CVE-2022-31742\",\n \"CVE-2022-31747\",\n \"CVE-2022-34468\",\n \"CVE-2022-34470\",\n \"CVE-2022-34472\",\n \"CVE-2022-34478\",\n \"CVE-2022-34479\",\n \"CVE-2022-34481\",\n \"CVE-2022-34484\",\n \"CVE-2022-36318\",\n \"CVE-2022-36319\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/21\");\n\n script_name(english:\"GLSA-202208-14 : Mozilla Thunderbird: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202208-14 (Mozilla Thunderbird: Multiple\nVulnerabilities)\n\n - Please review the referenced CVE identifiers for details. (CVE-2021-29967, CVE-2021-29969,\n CVE-2021-29970, CVE-2021-29976, CVE-2021-29980, CVE-2021-29984, CVE-2021-29985, CVE-2021-29986,\n CVE-2021-29988, CVE-2021-29989, CVE-2021-30547, CVE-2021-38492, CVE-2021-38493, CVE-2021-38495,\n CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509,\n CVE-2021-40529, CVE-2021-4129, CVE-2021-4140, CVE-2021-43528, CVE-2021-43529, CVE-2021-43536,\n CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543,\n CVE-2021-43545, CVE-2021-43546, CVE-2022-0566, CVE-2022-1196, CVE-2022-1197, CVE-2022-1520, CVE-2022-1529,\n CVE-2022-1802, CVE-2022-1834, CVE-2022-2200, CVE-2022-2226, CVE-2022-22737, CVE-2022-22738,\n CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22745,\n CVE-2022-22747, CVE-2022-22748, CVE-2022-22751, CVE-2022-22754, CVE-2022-22756, CVE-2022-22759,\n CVE-2022-22760, CVE-2022-22761, CVE-2022-22763, CVE-2022-22764, CVE-2022-24713, CVE-2022-26381,\n CVE-2022-26383, CVE-2022-26384, CVE-2022-26386, CVE-2022-26387, CVE-2022-26485, CVE-2022-26486,\n CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289, CVE-2022-29909,\n CVE-2022-29911, CVE-2022-29912, CVE-2022-29913, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917,\n CVE-2022-31736, CVE-2022-31737, CVE-2022-31738, CVE-2022-31740, CVE-2022-31741, CVE-2022-31742,\n CVE-2022-31747, CVE-2022-34468, CVE-2022-34470, CVE-2022-34472, CVE-2022-34478, CVE-2022-34479,\n CVE-2022-34481, CVE-2022-34484, CVE-2022-36318, CVE-2022-36319)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202208-14\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=794085\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=802759\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=807943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=811912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=813501\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=822294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=828539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=831040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=833520\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=834805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=845057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=846596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=849047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=857048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=864577\");\n script_set_attribute(attribute:\"solution\", value:\n\"All Mozilla Thunderbird users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=mail-client/thunderbird-91.12.0\n \nAll Mozilla Thunderbird binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=mail-client/thunderbird-bin-91.12.0\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-36319\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : \"mail-client/thunderbird\",\n 'unaffected' : make_list(\"ge 91.12.0\"),\n 'vulnerable' : make_list(\"lt 91.12.0\")\n },\n {\n 'name' : \"mail-client/thunderbird-bin\",\n 'unaffected' : make_list(\"ge 91.12.0\"),\n 'vulnerable' : make_list(\"lt 91.12.0\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla Thunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhatcve": [{"lastseen": "2023-05-27T17:16:51", "description": "If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability affects Thunderbird < 78.12.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-14T01:29:06", "type": "redhatcve", "title": "CVE-2021-29969", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969"], "modified": "2023-04-06T08:47:02", "id": "RH:CVE-2021-29969", "href": "https://access.redhat.com/security/cve/cve-2021-29969", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "prion": [{"lastseen": "2023-08-16T03:00:38", "description": "If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability affects Thunderbird < 78.12.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-05T20:15:00", "type": "prion", "title": "CVE-2021-29969", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969"], "modified": "2022-12-09T19:03:00", "id": "PRION:CVE-2021-29969", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-29969", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "ubuntucve": [{"lastseen": "2023-06-07T13:43:25", "description": "If Thunderbird was configured to use STARTTLS for an IMAP connection, and\nan attacker injected IMAP server responses prior to the completion of the\nSTARTTLS handshake, then Thunderbird didn't ignore the injected data. This\ncould have resulted in Thunderbird showing incorrect information, for\nexample the attacker could have tricked Thunderbird to show folders that\ndidn't exist on the IMAP server. This vulnerability affects Thunderbird <\n78.12.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-05T00:00:00", "type": "ubuntucve", "title": "CVE-2021-29969", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969"], "modified": "2021-08-05T00:00:00", "id": "UB:CVE-2021-29969", "href": "https://ubuntu.com/security/CVE-2021-29969", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "cnvd": [{"lastseen": "2022-11-05T08:35:25", "description": "Mozilla Thunderbird is an open source email client. A command injection vulnerability exists in the Mozilla Thunderbird product, which stems from a problem in the way Thunderbird handles IMAP server responses sent prior to the STARTTLS process. An attacker could exploit this vulnerability to send arbitrary IMAP commands before the STARTTLS handshake and execute them after the handshake completes.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-25T00:00:00", "type": "cnvd", "title": "Mozilla Thunderbird Command Injection Vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969"], "modified": "2021-11-23T00:00:00", "id": "CNVD-2021-90099", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-90099", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "alpinelinux": [{"lastseen": "2023-06-23T11:06:11", "description": "If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability affects Thunderbird < 78.12.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-05T20:15:00", "type": "alpinelinux", "title": "CVE-2021-29969", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969"], "modified": "2022-12-09T19:03:00", "id": "ALPINE:CVE-2021-29969", "href": "https://security.alpinelinux.org/vuln/CVE-2021-29969", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2023-05-27T16:20:58", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.12.0.\n\nSecurity Fix(es):\n\n* Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n* Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n* Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n* chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-26T10:57:23", "type": "redhat", "title": "(RHSA-2021:2881) Important: thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-07-26T11:35:11", "id": "RHSA-2021:2881", "href": "https://access.redhat.com/errata/RHSA-2021:2881", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T16:20:58", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.12.0.\n\nSecurity Fix(es):\n\n* Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n* Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n* Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n* chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-27T07:05:45", "type": "redhat", "title": "(RHSA-2021:2914) Important: thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-07-27T07:36:20", "id": "RHSA-2021:2914", "href": "https://access.redhat.com/errata/RHSA-2021:2914", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T16:20:58", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.12.0.\n\nSecurity Fix(es):\n\n* Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n* Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n* Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n* chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-26T10:57:23", "type": "redhat", "title": "(RHSA-2021:2882) Important: thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-07-26T11:25:05", "id": "RHSA-2021:2882", "href": "https://access.redhat.com/errata/RHSA-2021:2882", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T16:20:58", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.12.0.\n\nSecurity Fix(es):\n\n* Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n* Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n* Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n* chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-26T10:57:37", "type": "redhat", "title": "(RHSA-2021:2883) Important: thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-07-26T11:40:29", "id": "RHSA-2021:2883", "href": "https://access.redhat.com/errata/RHSA-2021:2883", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2023-05-27T15:00:33", "description": "IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969). Use-after-free in accessibility features of a document (CVE-2021-29970). Out of bounds write in ANGLE (CVE-2021-30547). Memory safety bugs fixed in Thunderbird 78.12 (CVE-2021-29976). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-16T08:25:31", "type": "mageia", "title": "Updated thunderbird packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-07-16T08:25:31", "id": "MGASA-2021-0355", "href": "https://advisories.mageia.org/MGASA-2021-0355.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mozilla": [{"lastseen": "2023-05-27T14:55:09", "description": "If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server.\nA malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Thunderbird when accessibility was enabled.\nAn out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash.\nMozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and Olli Pettay reported memory safety bugs present in Thunderbird 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-13T00:00:00", "type": "mozilla", "title": "Security Vulnerabilities fixed in Thunderbird 78.12 \u2014 Mozilla", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-07-13T00:00:00", "id": "MFSA2021-30", "href": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-05T05:19:31", "description": "\nMultiple security issues were discovered in Thunderbird, which could\nresult in the execution of arbitrary code.\n\n\n* [CVE-2021-30547](https://security-tracker.debian.org/tracker/CVE-2021-30547)\nDescription\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n1:78.12.0-1~deb9u1.\n\n\nWe recommend that you upgrade your thunderbird packages.\n\n\nFor the detailed security status of thunderbird please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/thunderbird>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-19T00:00:00", "type": "osv", "title": "thunderbird - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2022-08-05T05:19:09", "id": "OSV:DLA-2711-1", "href": "https://osv.dev/vulnerability/DLA-2711-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:07:11", "description": "\nMultiple security issues were discovered in Thunderbird, which could\nresult in the execution of arbitrary code.\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1:78.12.0-1~deb10u1.\n\n\nWe recommend that you upgrade your thunderbird packages.\n\n\nFor the detailed security status of thunderbird please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/thunderbird](https://security-tracker.debian.org/tracker/thunderbird)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-18T00:00:00", "type": "osv", "title": "thunderbird - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2022-08-10T07:07:07", "id": "OSV:DSA-4940-1", "href": "https://osv.dev/vulnerability/DSA-4940-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:25:09", "description": "[78.12.0-3.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[78.12.0-3]\n- Rebuild to pickup older nss\n[78.12.0-2]\n- Update to 78.12.0 build2\n[78.12.0-1]\n- Update to 78.12.0 build1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-27T00:00:00", "type": "oraclelinux", "title": "thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-07-27T00:00:00", "id": "ELSA-2021-2883", "href": "http://linux.oracle.com/errata/ELSA-2021-2883.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:25:11", "description": "[78.12.0-2.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[78.12.0-2]\n- Update to 78.12.0 build2\n[78.12.0-1]\n- Update to 78.12.0 build1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-27T00:00:00", "type": "oraclelinux", "title": "thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-07-27T00:00:00", "id": "ELSA-2021-2881", "href": "http://linux.oracle.com/errata/ELSA-2021-2881.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2023-05-27T16:21:12", "description": "Arch Linux Security Advisory ASA-202107-21\n==========================================\n\nSeverity: High\nDate : 2021-07-14\nCVE-ID : CVE-2021-29969 CVE-2021-29970 CVE-2021-29976 CVE-2021-30547\nPackage : thunderbird\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2152\n\nSummary\n=======\n\nThe package thunderbird before version 78.12.0-1 is vulnerable to\nmultiple issues including arbitrary code execution and content\nspoofing.\n\nResolution\n==========\n\nUpgrade to 78.12.0-1.\n\n# pacman -Syu \"thunderbird>=78.12.0-1\"\n\nThe problems have been fixed upstream in version 78.12.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-29969 (content spoofing)\n\nIf Thunderbird before version 78.12 was configured to use STARTTLS for\nan IMAP connection, and an attacker injected IMAP server responses\nprior to the completion of the STARTTLS handshake, then Thunderbird\ndidn't ignore the injected data. This could have resulted in\nThunderbird showing incorrect information, for example the attacker\ncould have tricked Thunderbird to show folders that didn't exist on the\nIMAP server.\n\n- CVE-2021-29970 (arbitrary code execution)\n\nA malicious webpage could have triggered a use-after-free, memory\ncorruption, and a potentially exploitable crash. This bug only affected\nFirefox before version 90 and Thunderbird before version 78.12 when\naccessibility was enabled.\n\n- CVE-2021-29976 (arbitrary code execution)\n\nMozilla developers reported memory safety bugs present in Firefox 89\nand Thunderbird 78.11. Some of these bugs showed evidence of memory\ncorruption and Mozilla presumes that with enough effort some of these\ncould have been exploited to run arbitrary code.\n\n- CVE-2021-30547 (arbitrary code execution)\n\nAn out of bounds write in ANGLE could have allowed an attacker to\ncorrupt memory leading to a potentially exploitable crash in the\nChromium browser engine before version 91.0.4472.101, Firefox before\nversion 90 and Thunderbird before version 78.12.\n\nImpact\n======\n\nA remote man-in-the-middle attacker could spoof content by injecting\nserver responses into an IMAP connection that is using STARTTLS.\nFurthermore, a remote attacker could execute arbitrary code in a\nbrowsing context using a crafted web page.\n\nReferences\n==========\n\nhttps://www.mozilla.org/security/advisories/mfsa2021-30/\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1682370\nhttps://www.mozilla.org/security/advisories/mfsa2021-28/\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1709976\nhttps://bugzilla.mozilla.org/buglist.cgi?bug_id=1700895%2C1703334%2C1706910%2C1711576%2C1714391\nhttps://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html\nhttps://crbug.com/1210414\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1715766\nhttps://security.archlinux.org/CVE-2021-29969\nhttps://security.archlinux.org/CVE-2021-29970\nhttps://security.archlinux.org/CVE-2021-29976\nhttps://security.archlinux.org/CVE-2021-30547", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-14T00:00:00", "type": "archlinux", "title": "[ASA-202107-21] thunderbird: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-07-14T00:00:00", "id": "ASA-202107-21", "href": "https://security.archlinux.org/ASA-202107-21", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "altlinux": [{"lastseen": "2023-05-07T11:38:31", "description": "July 14, 2021 Andrey Cherepanov 78.12.0-alt1\n \n \n - New version (78.12.0).\n - Security fixes:\n + CVE-2021-29969 IMAP server responses sent by a MITM prior to STARTTLS could be processed\n + CVE-2021-29970 Use-after-free in accessibility features of a document\n + CVE-2021-30547 Out of bounds write in ANGLE\n + CVE-2021-29976 Memory safety bugs fixed in Thunderbird 78.12\n - Completely remove build external enigmail.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-14T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 10 package thunderbird version 78.12.0-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-07-14T00:00:00", "id": "6C345673B583A9DEB51B12EA84BE3008", "href": "https://packages.altlinux.org/en/p10/srpms/thunderbird/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2023-05-29T14:20:10", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4940-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 18, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : thunderbird\nCVE ID : CVE-2021-29969 CVE-2021-29970 CVE-2021-29976 CVE-2021-30547\n\nMultiple security issues were discovered in Thunderbird, which could\nresult in the execution of arbitrary code.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1:78.12.0-1~deb10u1.\n\nWe recommend that you upgrade your thunderbird packages.\n\nFor the detailed security status of thunderbird please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/thunderbird\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-18T15:15:11", "type": "debian", "title": "[SECURITY] [DSA 4940-1] thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-07-18T15:15:11", "id": "DEBIAN:DSA-4940-1:DAB47", "href": "https://lists.debian.org/debian-security-announce/2021/msg00123.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-05T21:05:50", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2711-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Emilio Pozuelo Monfort\nJuly 19, 2021 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : thunderbird\nVersion : 1:78.12.0-1~deb9u1\nCVE ID : CVE-2021-29969 CVE-2021-29970 CVE-2021-29976 CVE-2021-30547\n\nMultiple security issues were discovered in Thunderbird, which could\nresult in the execution of arbitrary code.\n\nCVE-2021-30547\n\n Description\n\nFor Debian 9 stretch, these problems have been fixed in version\n1:78.12.0-1~deb9u1.\n\nWe recommend that you upgrade your thunderbird packages.\n\nFor the detailed security status of thunderbird please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/thunderbird\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-19T10:47:51", "type": "debian", "title": "[SECURITY] [DLA 2711-1] thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-07-19T10:47:51", "id": "DEBIAN:DLA-2711-1:C6A4A", "href": "https://lists.debian.org/debian-lts-announce/2021/07/msg00010.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-11-09T21:00:55", "description": "An update that fixes four vulnerabilities is now available.\n\nDescription:\n\n This update for MozillaThunderbird fixes the following issues:\n\n Mozilla Thunderbird 78.12\n\n * fixed: Sending an email containing HTML links with spaces in the URL\n sometimes resulted in broken links\n * fixed: Folder Pane display theme fixes for macOS\n * fixed: Chat account settings did not always save as expected\n * fixed: RSS feed subscriptions sometimes lost\n * fixed: Calendar: A parsing error for alarm triggers of type \"DURATION\"\n caused sync problems for some users\n * fixed: Various security fixes\n\n MFSA 2021-30 (bsc#1188275)\n\n * CVE-2021-29969: IMAP server responses sent by a MITM prior to STARTTLS\n could be processed\n * CVE-2021-29970: Use-after-free in accessibility features of a document\n * CVE-2021-30547: Out of bounds write in ANGLE\n * CVE-2021-29976: Memory safety bugs fixed in Thunderbird 78.12\n\n This update was imported from the SUSE:SLE-15-SP2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-1091=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-04T00:00:00", "type": "suse", "title": "Security update for MozillaThunderbird (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-04T00:00:00", "id": "OPENSUSE-SU-2021:1091-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ABQT6TDIB2IQ4ZZNUZXMHLE7ZDVD4YBM/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-06T17:58:39", "description": "An update that fixes four vulnerabilities is now available.\n\nDescription:\n\n This update for MozillaThunderbird fixes the following issues:\n\n Mozilla Thunderbird 78.12\n\n * fixed: Sending an email containing HTML links with spaces in the URL\n sometimes resulted in broken links\n * fixed: Folder Pane display theme fixes for macOS\n * fixed: Chat account settings did not always save as expected\n * fixed: RSS feed subscriptions sometimes lost\n * fixed: Calendar: A parsing error for alarm triggers of type \"DURATION\"\n caused sync problems for some users\n * fixed: Various security fixes\n\n MFSA 2021-30 (bsc#1188275)\n\n * CVE-2021-29969: IMAP server responses sent by a MITM prior to STARTTLS\n could be processed\n * CVE-2021-29970: Use-after-free in accessibility features of a document\n * CVE-2021-30547: Out of bounds write in ANGLE\n * CVE-2021-29976: Memory safety bugs fixed in Thunderbird 78.12\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2021-2458=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-22T00:00:00", "type": "suse", "title": "Security update for MozillaThunderbird (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-07-22T00:00:00", "id": "OPENSUSE-SU-2021:2458-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AQOPHIOAWOQQLB7SCESJM5UI67QUVORM/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "almalinux": [{"lastseen": "2021-08-11T15:48:27", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.12.0.\n\nSecurity Fix(es):\n\n* Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n* Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n* Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n* chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-26T10:57:37", "type": "almalinux", "title": "Important: thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-08-11T13:42:14", "id": "ALSA-2021:2883", "href": "https://errata.almalinux.org/8/ALSA-2021-2883.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "rocky": [{"lastseen": "2023-07-24T17:27:08", "description": "An update is available for thunderbird.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.12.0.\n\nSecurity Fix(es):\n\n* Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)\n\n* Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)\n\n* Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)\n\n* chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-26T10:57:37", "type": "rocky", "title": "thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-30547"], "modified": "2021-07-26T10:57:37", "id": "RLSA-2021:2883", "href": "https://errata.rockylinux.org/RLSA-2021:2883", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-05-27T14:59:32", "description": "## Releases\n\n * Ubuntu 21.04 \n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n\n## Packages\n\n * thunderbird \\- Mozilla Open Source mail and newsgroup client\n\nIt was discovered that Thunderbird didn't ignore IMAP server responses \nprior to completion of the STARTTLS handshake. A person-in-the-middle \ncould potentially exploit this to trick Thunderbird into showing incorrect \ninformation. (CVE-2021-29969)\n\nMultiple security issues were discovered in Thunderbird. If a user were \ntricked into opening a specially crafted website in a browsing context, an \nattacker could potentially exploit these to cause a denial of service, or \nexecute arbitrary code. (CVE-2021-29970, CVE-2021-29976, CVE-2021-29980, \nCVE-2021-29984, CVE-2021-29985, CVE-2021-29986, CVE-2021-29988, \nCVE-2021-29989, CVE-2021-30547)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-31T00:00:00", "type": "ubuntu", "title": "Thunderbird vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-29980", "CVE-2021-29984", "CVE-2021-29985", "CVE-2021-29986", "CVE-2021-29988", "CVE-2021-29989", "CVE-2021-30547"], "modified": "2021-08-31T00:00:00", "id": "USN-5058-1", "href": "https://ubuntu.com/security/notices/USN-5058-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2023-05-27T15:07:50", "description": "**Issue Overview:**\n\nIf Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability affects Thunderbird &lt; 78.12. (CVE-2021-29969)\n\nA malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird &lt; 78.12, Firefox ESR &lt; 78.12, and Firefox &lt; 90\\. (CVE-2021-29970)\n\nMozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird &lt; 78.12, Firefox ESR &lt; 78.12, and Firefox &lt; 90\\. (CVE-2021-29976)\n\nUninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird &lt; 78.13, Thunderbird &lt; 91, Firefox ESR &lt; 78.13, and Firefox &lt; 91\\. (CVE-2021-29980)\n\nInstruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird &lt; 78.13, Thunderbird &lt; 91, Firefox ESR &lt; 78.13, and Firefox &lt; 91\\. (CVE-2021-29984)\n\nA use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird &lt; 78.13, Thunderbird &lt; 91, Firefox ESR &lt; 78.13, and Firefox &lt; 91\\. (CVE-2021-29985)\n\nA suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird &lt; 78.13, Thunderbird &lt; 91, Firefox ESR &lt; 78.13, and Firefox &lt; 91\\. (CVE-2021-29986)\n\nFirefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird &lt; 78.13, Thunderbird &lt; 91, Firefox ESR &lt; 78.13, and Firefox &lt; 91\\. (CVE-2021-29988)\n\nMozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird &lt; 78.13, Firefox ESR &lt; 78.13, and Firefox &lt; 91\\. (CVE-2021-29989)\n\nOut of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\n \n**Affected Packages:** \n\n\nthunderbird\n\n \n**Issue Correction:** \nRun _yum update thunderbird_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 thunderbird-78.13.0-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 thunderbird-debuginfo-78.13.0-1.amzn2.0.1.aarch64 \n \n src: \n \u00a0\u00a0\u00a0 thunderbird-78.13.0-1.amzn2.0.1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 thunderbird-78.13.0-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 thunderbird-debuginfo-78.13.0-1.amzn2.0.1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2021-29969](<https://access.redhat.com/security/cve/CVE-2021-29969>), [CVE-2021-29970](<https://access.redhat.com/security/cve/CVE-2021-29970>), [CVE-2021-29976](<https://access.redhat.com/security/cve/CVE-2021-29976>), [CVE-2021-29980](<https://access.redhat.com/security/cve/CVE-2021-29980>), [CVE-2021-29984](<https://access.redhat.com/security/cve/CVE-2021-29984>), [CVE-2021-29985](<https://access.redhat.com/security/cve/CVE-2021-29985>), [CVE-2021-29986](<https://access.redhat.com/security/cve/CVE-2021-29986>), [CVE-2021-29988](<https://access.redhat.com/security/cve/CVE-2021-29988>), [CVE-2021-29989](<https://access.redhat.com/security/cve/CVE-2021-29989>), [CVE-2021-30547](<https://access.redhat.com/security/cve/CVE-2021-30547>)\n\nMitre: [CVE-2021-29969](<https://vulners.com/cve/CVE-2021-29969>), [CVE-2021-29970](<https://vulners.com/cve/CVE-2021-29970>), [CVE-2021-29976](<https://vulners.com/cve/CVE-2021-29976>), [CVE-2021-29980](<https://vulners.com/cve/CVE-2021-29980>), [CVE-2021-29984](<https://vulners.com/cve/CVE-2021-29984>), [CVE-2021-29985](<https://vulners.com/cve/CVE-2021-29985>), [CVE-2021-29986](<https://vulners.com/cve/CVE-2021-29986>), [CVE-2021-29988](<https://vulners.com/cve/CVE-2021-29988>), [CVE-2021-29989](<https://vulners.com/cve/CVE-2021-29989>), [CVE-2021-30547](<https://vulners.com/cve/CVE-2021-30547>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-08T23:35:00", "type": "amazon", "title": "Important: thunderbird", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-29980", "CVE-2021-29984", "CVE-2021-29985", "CVE-2021-29986", "CVE-2021-29988", "CVE-2021-29989", "CVE-2021-30547"], "modified": "2021-09-15T17:57:00", "id": "ALAS2-2021-1709", "href": "https://alas.aws.amazon.com/AL2/ALAS-2021-1709.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2023-08-17T05:03:17", "description": "### Background\n\nMozilla Thunderbird is a popular open-source email client from the Mozilla project.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-91.12.0\"\n \n\nAll Mozilla Thunderbird binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-bin-91.12.0\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-08-10T00:00:00", "type": "gentoo", "title": "Mozilla Thunderbird: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29967", "CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-29980", "CVE-2021-29984", "CVE-2021-29985", "CVE-2021-29986", "CVE-2021-29988", "CVE-2021-29989", "CVE-2021-30547", "CVE-2021-38492", "CVE-2021-38493", "CVE-2021-38495", "CVE-2021-38503", "CVE-2021-38504", "CVE-2021-38506", "CVE-2021-38507", "CVE-2021-38508", "CVE-2021-38509", "CVE-2021-40529", "CVE-2021-4129", "CVE-2021-4140", "CVE-2021-43528", "CVE-2021-43529", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546", "CVE-2022-0566", "CVE-2022-1196", "CVE-2022-1197", "CVE-2022-1520", "CVE-2022-1529", "CVE-2022-1802", "CVE-2022-1834", "CVE-2022-2200", "CVE-2022-2226", "CVE-2022-22737", "CVE-2022-22738", "CVE-2022-22739", "CVE-2022-22740", "CVE-2022-22741", "CVE-2022-22742", "CVE-2022-22743", "CVE-2022-22745", "CVE-2022-22747", "CVE-2022-22748", "CVE-2022-22751", "CVE-2022-22754", "CVE-2022-22756", "CVE-2022-22759", "CVE-2022-22760", "CVE-2022-22761", "CVE-2022-22763", "CVE-2022-22764", "CVE-2022-24713", "CVE-2022-26381", "CVE-2022-26383", "CVE-2022-26384", "CVE-2022-26386", "CVE-2022-26387", "CVE-2022-26485", "CVE-2022-26486", "CVE-2022-28281", "CVE-2022-28282", "CVE-2022-28285", "CVE-2022-28286", "CVE-2022-28289", "CVE-2022-29909", "CVE-2022-29911", "CVE-2022-29912", "CVE-2022-29913", "CVE-2022-29914", "CVE-2022-29916", "CVE-2022-29917", "CVE-2022-31736", "CVE-2022-31737", "CVE-2022-31738", "CVE-2022-31740", "CVE-2022-31741", "CVE-2022-31742", "CVE-2022-31747", "CVE-2022-34468", "CVE-2022-34470", "CVE-2022-34472", "CVE-2022-34478", "CVE-2022-34479", "CVE-2022-34481", "CVE-2022-34484", "CVE-2022-36318", "CVE-2022-36319"], "modified": "2022-08-10T00:00:00", "id": "GLSA-202208-14", "href": "https://security.gentoo.org/glsa/202208-14", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}