Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.
{"redhatcve": [{"lastseen": "2023-07-08T02:22:45", "description": "Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-12-08T04:56:35", "type": "redhatcve", "title": "CVE-2021-43528", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43528"], "modified": "2023-07-08T02:18:36", "id": "RH:CVE-2021-43528", "href": "https://access.redhat.com/security/cve/cve-2021-43528", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "prion": [{"lastseen": "2023-08-16T07:53:33", "description": "Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-12-08T22:15:00", "type": "prion", "title": "CVE-2021-43528", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43528"], "modified": "2022-12-09T15:30:00", "id": "PRION:CVE-2021-43528", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-43528", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "ubuntucve": [{"lastseen": "2023-06-07T13:40:29", "description": "Thunderbird unexpectedly enabled JavaScript in the composition area. The\nJavaScript execution context was limited to this area and did not receive\nchrome-level privileges, but could be used as a stepping stone to further\nan attack with other vulnerabilities. This vulnerability affects\nThunderbird < 91.4.0.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-12-08T00:00:00", "type": "ubuntucve", "title": "CVE-2021-43528", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43528"], "modified": "2021-12-08T00:00:00", "id": "UB:CVE-2021-43528", "href": "https://ubuntu.com/security/CVE-2021-43528", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "alpinelinux": [{"lastseen": "2023-06-23T11:06:11", "description": "Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-12-08T22:15:00", "type": "alpinelinux", "title": "CVE-2021-43528", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43528"], "modified": "2022-12-09T15:30:00", "id": "ALPINE:CVE-2021-43528", "href": "https://security.alpinelinux.org/vuln/CVE-2021-43528", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debiancve": [{"lastseen": "2023-05-24T10:12:30", "description": "Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-12-08T22:15:00", "type": "debiancve", "title": "CVE-2021-43528", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43528"], "modified": "2021-12-08T22:15:00", "id": "DEBIANCVE:CVE-2021-43528", "href": "https://security-tracker.debian.org/tracker/CVE-2021-43528", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "veracode": [{"lastseen": "2022-08-14T06:58:32", "description": "thunderbird is vulnerable to remote code execution. The vulnerability exists due to the lack of sanitization of the execution context which allows Javascript to be enabled in the composition area. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-12-10T07:35:33", "type": "veracode", "title": "Remote Code Execution (RCE)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43528"], "modified": "2022-08-10T22:23:25", "id": "VERACODE:33228", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-33228/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "archlinux": [{"lastseen": "2023-05-23T16:20:51", "description": "Arch Linux Security Advisory ASA-202112-9\n=========================================\n\nSeverity: High\nDate : 2021-12-11\nCVE-ID : CVE-2021-43528 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538\nCVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543\nCVE-2021-43545 CVE-2021-43546\nPackage : thunderbird\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2608\n\nSummary\n=======\n\nThe package thunderbird before version 91.4.0-1 is vulnerable to\nmultiple issues including arbitrary code execution, content spoofing,\ninformation disclosure, incorrect calculation, sandbox escape and\ndenial of service.\n\nResolution\n==========\n\nUpgrade to 91.4.0-1.\n\n# pacman -Syu \"thunderbird>=91.4.0-1\"\n\nThe problems have been fixed upstream in version 91.4.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-43528 (arbitrary code execution)\n\nThunderbird before version 91.4.0 unexpectedly enabled JavaScript in\nthe composition area. The JavaScript execution context was limited to\nthis area and did not receive chrome-level privileges, but could be\nused as a stepping stone to further an attack with other\nvulnerabilities.\n\n- CVE-2021-43536 (information disclosure)\n\nA security issue has been found in Firefox before version 95 and\nThunderbird before version 91.4.0. Under certain circumstances,\nasynchronous functions could have caused a navigation to fail but\nexpose the target URL.\n\n- CVE-2021-43537 (arbitrary code execution)\n\nA security issue has been found in Firefox before version 95 and\nThunderbird before version 91.4.0. An incorrect type conversion of\nsizes from 64bit to 32bit integers allowed an attacker to corrupt\nmemory leading to a potentially exploitable crash.\n\n- CVE-2021-43538 (content spoofing)\n\nA security issue has been found in Firefox before version 95 and\nThunderbird before version 91.4.0. By misusing a race in the\nnotification code, an attacker could have forcefully hidden the\nnotification for pages that had received full screen and pointer lock\naccess, which could have been used for spoofing attacks.\n\n- CVE-2021-43539 (arbitrary code execution)\n\nA security issue has been found in Firefox before version 95 and\nThunderbird before version 91.4.0. Failure to correctly record the\nlocation of live pointers across wasm instance calls resulted in a\ngarbage collection occurring within the call not tracing those live\npointers. This could have led to a use-after-free causing a potentially\nexploitable crash.\n\n- CVE-2021-43541 (incorrect calculation)\n\nA security issue has been found in Firefox before version 95 and\nThunderbird before version 91.4.0. When invoking protocol handlers for\nexternal protocols, a supplied parameter URL containing spaces was not\nproperly escaped.\n\n- CVE-2021-43542 (information disclosure)\n\nA security issue has been found in Firefox before version 95 and\nThunderbird before version 91.4.0. Using XMLHttpRequest, an attacker\ncould have identified installed applications by probing error messages\nfor loading external protocols.\n\n- CVE-2021-43543 (sandbox escape)\n\nA security issue has been found in Firefox before version 95 and\nThunderbird before version 91.4.0. Documents loaded with the CSP\nsandbox directive could have escaped the sandbox's script restriction\nby embedding additional content.\n\n- CVE-2021-43545 (denial of service)\n\nA security issue has been found in Firefox before version 95 and\nThunderbird before version 91.4.0. Using the Location API in a loop\ncould have caused severe application hangs and crashes.\n\n- CVE-2021-43546 (content spoofing)\n\nA security issue has been found in Firefox before version 95 and\nThunderbird before version 91.4.0. It was possible to recreate previous\ncursor spoofing attacks against users with a zoomed native cursor.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code, disclose sensitive\ninformation, spoof content or crash the application through crafted web\ncontent. In general, these flaws cannot be exploited through email\nbecause scripting is disabled when reading mail, but are potentially\nrisks in browser or browser-like contexts.\n\nReferences\n==========\n\nhttps://www.mozilla.org/security/advisories/mfsa2021-54/\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1742579\nhttps://www.mozilla.org/security/advisories/mfsa2021-52/\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1730120\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1738237\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1739091\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1739683\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1696685\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1723281\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1738418\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1720926\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1737751\nhttps://security.archlinux.org/CVE-2021-43528\nhttps://security.archlinux.org/CVE-2021-43536\nhttps://security.archlinux.org/CVE-2021-43537\nhttps://security.archlinux.org/CVE-2021-43538\nhttps://security.archlinux.org/CVE-2021-43539\nhttps://security.archlinux.org/CVE-2021-43541\nhttps://security.archlinux.org/CVE-2021-43542\nhttps://security.archlinux.org/CVE-2021-43543\nhttps://security.archlinux.org/CVE-2021-43545\nhttps://security.archlinux.org/CVE-2021-43546", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-12-11T00:00:00", "type": "archlinux", "title": "[ASA-202112-9] thunderbird: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2021-12-11T00:00:00", "id": "ASA-202112-9", "href": "https://security.archlinux.org/ASA-202112-9", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2023-05-23T16:29:20", "description": "### *Detect date*:\n12/07/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to spoof user interface, obtain sensitive information, cause denial of service, bypass security restrictions, execute arbitrary code.\n\n### *Affected products*:\nMozilla Thunderbird earlier than 91.4.0\n\n### *Solution*:\nUpdate to the latest version \n[Download Thunderbird](<https://www.mozilla.org/en-US/thunderbird/>)\n\n### *Original advisories*:\n[MFSA2021-54](<https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Thunderbird](<https://threats.kaspersky.com/en/product/Mozilla-Thunderbird/>)\n\n### *CVE-IDS*:\n[CVE-2021-43541](<https://vulners.com/cve/CVE-2021-43541>)4.3Warning \n[CVE-2021-43542](<https://vulners.com/cve/CVE-2021-43542>)4.3Warning \n[CVE-2021-43545](<https://vulners.com/cve/CVE-2021-43545>)4.3Warning \n[CVE-2021-43536](<https://vulners.com/cve/CVE-2021-43536>)4.3Warning \n[CVE-2021-43543](<https://vulners.com/cve/CVE-2021-43543>)4.3Warning \n[CVE-2021-43537](<https://vulners.com/cve/CVE-2021-43537>)6.8High \n[CVE-2021-43539](<https://vulners.com/cve/CVE-2021-43539>)6.8High \n[CVE-2021-43538](<https://vulners.com/cve/CVE-2021-43538>)4.3Warning \n[CVE-2021-43546](<https://vulners.com/cve/CVE-2021-43546>)4.3Warning \n[CVE-2021-43528](<https://vulners.com/cve/CVE-2021-43528>)4.3Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-12-07T00:00:00", "type": "kaspersky", "title": "KLA12376 Multiple vulnerabilities in Mozilla Thunderbird", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2021-12-20T00:00:00", "id": "KLA12376", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12376/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T15:36:33", "description": "The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:5045 advisory.\n\n - Mozilla: JavaScript unexpectedly enabled for the composition area (CVE-2021-43528)\n\n - Mozilla: URL leakage when navigating while executing asynchronous function (CVE-2021-43536)\n\n - Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)\n\n - Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)\n\n - Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)\n\n - Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)\n\n - Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler (CVE-2021-43542)\n\n - Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)\n\n - Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)\n\n - Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-10T00:00:00", "type": "nessus", "title": "CentOS 8 : thunderbird (CESA-2021:5045)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2021-12-30T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:thunderbird"], "id": "CENTOS8_RHSA-2021-5045.NASL", "href": "https://www.tenable.com/plugins/nessus/155996", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:5045. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155996);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/12/30\");\n\n script_cve_id(\n \"CVE-2021-43528\",\n \"CVE-2021-43536\",\n \"CVE-2021-43537\",\n \"CVE-2021-43538\",\n \"CVE-2021-43539\",\n \"CVE-2021-43541\",\n \"CVE-2021-43542\",\n \"CVE-2021-43543\",\n \"CVE-2021-43545\",\n \"CVE-2021-43546\"\n );\n script_xref(name:\"RHSA\", value:\"2021:5045\");\n script_xref(name:\"IAVA\", value:\"2021-A-0569-S\");\n\n script_name(english:\"CentOS 8 : thunderbird (CESA-2021:5045)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2021:5045 advisory.\n\n - Mozilla: JavaScript unexpectedly enabled for the composition area (CVE-2021-43528)\n\n - Mozilla: URL leakage when navigating while executing asynchronous function (CVE-2021-43536)\n\n - Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)\n\n - Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)\n\n - Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)\n\n - Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)\n\n - Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler\n (CVE-2021-43542)\n\n - Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)\n\n - Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)\n\n - Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:5045\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43537\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'thunderbird-91.4.0-2.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-91.4.0-2.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:33", "description": "The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2021:5046-1 advisory.\n\n - Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 Mozilla: URL leakage when navigating while executing asynchronous function (CVE-2021-43536)\n\n - Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)\n\n - Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)\n\n - Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)\n\n - Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)\n\n - Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler (CVE-2021-43542)\n\n - Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)\n\n - Mozilla: JavaScript unexpectedly enabled for the composition area (CVE-2021-43528)\n\n - Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)\n\n - Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-10T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2021:5046)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2021-12-30T00:00:00", "cpe": ["cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:thunderbird", "p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo"], "id": "SL_20211209_THUNDERBIRD_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/155972", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155972);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/12/30\");\n\n script_cve_id(\n \"CVE-2021-43528\",\n \"CVE-2021-43536\",\n \"CVE-2021-43537\",\n \"CVE-2021-43538\",\n \"CVE-2021-43539\",\n \"CVE-2021-43541\",\n \"CVE-2021-43542\",\n \"CVE-2021-43543\",\n \"CVE-2021-43545\",\n \"CVE-2021-43546\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0569-S\");\n script_xref(name:\"RHSA\", value:\"RHSA-2021:5046\");\n\n script_name(english:\"Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2021:5046)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SLSA-2021:5046-1 advisory.\n\n - Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 Mozilla: URL leakage when navigating\n while executing asynchronous function (CVE-2021-43536)\n\n - Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)\n\n - Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)\n\n - Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)\n\n - Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)\n\n - Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler\n (CVE-2021-43542)\n\n - Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)\n\n - Mozilla: JavaScript unexpectedly enabled for the composition area (CVE-2021-43528)\n\n - Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)\n\n - Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20215046-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43539\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Scientific Linux' >!< release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nvar os_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\nvar pkgs = [\n {'reference':'thunderbird-91.4.0-3.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-debuginfo-91.4.0-3.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird / thunderbird-debuginfo');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:33", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-5046 advisory.\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43537)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43542)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43545)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43538)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43543)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43546)\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.\n (CVE-2021-43528)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-10T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : thunderbird (ELSA-2021-5046)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2021-12-30T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:thunderbird"], "id": "ORACLELINUX_ELSA-2021-5046.NASL", "href": "https://www.tenable.com/plugins/nessus/155993", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-5046.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155993);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/12/30\");\n\n script_cve_id(\n \"CVE-2021-43528\",\n \"CVE-2021-43536\",\n \"CVE-2021-43537\",\n \"CVE-2021-43538\",\n \"CVE-2021-43539\",\n \"CVE-2021-43541\",\n \"CVE-2021-43542\",\n \"CVE-2021-43543\",\n \"CVE-2021-43545\",\n \"CVE-2021-43546\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0569-S\");\n\n script_name(english:\"Oracle Linux 7 : thunderbird (ELSA-2021-5046)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2021-5046 advisory.\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the\n target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory\n leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR <\n 91.4.0, and Firefox < 95. (CVE-2021-43537)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC\n occurring within the call not tracing those live pointers. This could have led to a use-after-free causing\n a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0,\n and Firefox < 95. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not\n properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages\n for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and\n Firefox < 95. (CVE-2021-43542)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. This\n vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43545)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for\n pages that had received full screen and pointer lock access, which could have been used for spoofing\n attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43538)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by\n embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and\n Firefox < 95. (CVE-2021-43543)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43546)\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was\n limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to\n further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.\n (CVE-2021-43528)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-5046.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43539\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'thunderbird-91.4.0-3.0.1.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-91.4.0-3.0.1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:11", "description": "The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:5045 advisory.\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.\n (CVE-2021-43528)\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43537)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43538)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43542)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43543)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43545)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43546)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : thunderbird (ALSA-2021:5045)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:alma:linux:thunderbird", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-5045.NASL", "href": "https://www.tenable.com/plugins/nessus/157549", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:5045.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157549);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\n \"CVE-2021-43528\",\n \"CVE-2021-43536\",\n \"CVE-2021-43537\",\n \"CVE-2021-43538\",\n \"CVE-2021-43539\",\n \"CVE-2021-43541\",\n \"CVE-2021-43542\",\n \"CVE-2021-43543\",\n \"CVE-2021-43545\",\n \"CVE-2021-43546\"\n );\n script_xref(name:\"ALSA\", value:\"2021:5045\");\n script_xref(name:\"IAVA\", value:\"2021-A-0569-S\");\n\n script_name(english:\"AlmaLinux 8 : thunderbird (ALSA-2021:5045)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nALSA-2021:5045 advisory.\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was\n limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to\n further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.\n (CVE-2021-43528)\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the\n target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory\n leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR <\n 91.4.0, and Firefox < 95. (CVE-2021-43537)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for\n pages that had received full screen and pointer lock access, which could have been used for spoofing\n attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43538)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC\n occurring within the call not tracing those live pointers. This could have led to a use-after-free causing\n a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0,\n and Firefox < 95. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not\n properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages\n for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and\n Firefox < 95. (CVE-2021-43542)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by\n embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and\n Firefox < 95. (CVE-2021-43543)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. This\n vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43545)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43546)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-5045.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43539\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'thunderbird-91.4.0-2.el8_5.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:17:51", "description": "The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-5045 advisory.\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43537)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43542)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43545)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43538)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43543)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43546)\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.\n (CVE-2021-43528)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-10T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : thunderbird (ELSA-2021-5045)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2021-12-30T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:thunderbird"], "id": "ORACLELINUX_ELSA-2021-5045.NASL", "href": "https://www.tenable.com/plugins/nessus/155991", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-5045.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155991);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/12/30\");\n\n script_cve_id(\n \"CVE-2021-43528\",\n \"CVE-2021-43536\",\n \"CVE-2021-43537\",\n \"CVE-2021-43538\",\n \"CVE-2021-43539\",\n \"CVE-2021-43541\",\n \"CVE-2021-43542\",\n \"CVE-2021-43543\",\n \"CVE-2021-43545\",\n \"CVE-2021-43546\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0569-S\");\n\n script_name(english:\"Oracle Linux 8 : thunderbird (ELSA-2021-5045)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2021-5045 advisory.\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the\n target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory\n leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR <\n 91.4.0, and Firefox < 95. (CVE-2021-43537)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC\n occurring within the call not tracing those live pointers. This could have led to a use-after-free causing\n a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0,\n and Firefox < 95. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not\n properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages\n for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and\n Firefox < 95. (CVE-2021-43542)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. This\n vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43545)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for\n pages that had received full screen and pointer lock access, which could have been used for spoofing\n attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43538)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by\n embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and\n Firefox < 95. (CVE-2021-43543)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43546)\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was\n limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to\n further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.\n (CVE-2021-43528)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-5045.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43539\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'thunderbird-91.4.0-2.0.1.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-91.4.0-2.0.1.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:26:40", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:5045 advisory.\n\n - Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 (CVE-2021-4129)\n\n - Mozilla: JavaScript unexpectedly enabled for the composition area (CVE-2021-43528)\n\n - Mozilla: URL leakage when navigating while executing asynchronous function (CVE-2021-43536)\n\n - Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)\n\n - Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)\n\n - Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)\n\n - Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)\n\n - Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler (CVE-2021-43542)\n\n - Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)\n\n - Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)\n\n - Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-10T00:00:00", "type": "nessus", "title": "RHEL 8 : thunderbird (RHSA-2021:5045)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4129", "CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:thunderbird"], "id": "REDHAT-RHSA-2021-5045.NASL", "href": "https://www.tenable.com/plugins/nessus/155988", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:5045. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155988);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2021-4129\",\n \"CVE-2021-43528\",\n \"CVE-2021-43536\",\n \"CVE-2021-43537\",\n \"CVE-2021-43538\",\n \"CVE-2021-43539\",\n \"CVE-2021-43541\",\n \"CVE-2021-43542\",\n \"CVE-2021-43543\",\n \"CVE-2021-43545\",\n \"CVE-2021-43546\"\n );\n script_xref(name:\"RHSA\", value:\"2021:5045\");\n script_xref(name:\"IAVA\", value:\"2021-A-0569-S\");\n\n script_name(english:\"RHEL 8 : thunderbird (RHSA-2021:5045)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:5045 advisory.\n\n - Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 (CVE-2021-4129)\n\n - Mozilla: JavaScript unexpectedly enabled for the composition area (CVE-2021-43528)\n\n - Mozilla: URL leakage when navigating while executing asynchronous function (CVE-2021-43536)\n\n - Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)\n\n - Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)\n\n - Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)\n\n - Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)\n\n - Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler\n (CVE-2021-43542)\n\n - Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)\n\n - Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)\n\n - Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:5045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030106\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030110\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030116\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030137\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43539\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-4129\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 120, 209, 281, 416, 428, 835, 1021);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-91.4.0-2.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-91.4.0-2.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:26:52", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:5047 advisory.\n\n - Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 (CVE-2021-4129)\n\n - Mozilla: JavaScript unexpectedly enabled for the composition area (CVE-2021-43528)\n\n - Mozilla: URL leakage when navigating while executing asynchronous function (CVE-2021-43536)\n\n - Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)\n\n - Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)\n\n - Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)\n\n - Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)\n\n - Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler (CVE-2021-43542)\n\n - Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)\n\n - Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)\n\n - Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-10T00:00:00", "type": "nessus", "title": "RHEL 8 : thunderbird (RHSA-2021:5047)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4129", "CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:thunderbird"], "id": "REDHAT-RHSA-2021-5047.NASL", "href": "https://www.tenable.com/plugins/nessus/155983", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:5047. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155983);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2021-43528\",\n \"CVE-2021-43536\",\n \"CVE-2021-43537\",\n \"CVE-2021-43538\",\n \"CVE-2021-43539\",\n \"CVE-2021-43541\",\n \"CVE-2021-43542\",\n \"CVE-2021-43543\",\n \"CVE-2021-43545\",\n \"CVE-2021-43546\"\n );\n script_xref(name:\"RHSA\", value:\"2021:5047\");\n script_xref(name:\"IAVA\", value:\"2021-A-0569-S\");\n\n script_name(english:\"RHEL 8 : thunderbird (RHSA-2021:5047)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:5047 advisory.\n\n - Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 (CVE-2021-4129)\n\n - Mozilla: JavaScript unexpectedly enabled for the composition area (CVE-2021-43528)\n\n - Mozilla: URL leakage when navigating while executing asynchronous function (CVE-2021-43536)\n\n - Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)\n\n - Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)\n\n - Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)\n\n - Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)\n\n - Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler\n (CVE-2021-43542)\n\n - Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)\n\n - Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)\n\n - Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:5047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030106\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030110\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030116\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030137\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43539\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79, 120, 209, 281, 416, 428, 835, 1021);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-91.4.0-2.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-91.4.0-2.el8_2', 'sp':'2', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-91.4.0-2.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:26:53", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:5046 advisory.\n\n - Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 (CVE-2021-4129)\n\n - Mozilla: JavaScript unexpectedly enabled for the composition area (CVE-2021-43528)\n\n - Mozilla: URL leakage when navigating while executing asynchronous function (CVE-2021-43536)\n\n - Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)\n\n - Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)\n\n - Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)\n\n - Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)\n\n - Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler (CVE-2021-43542)\n\n - Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)\n\n - Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)\n\n - Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-10T00:00:00", "type": "nessus", "title": "RHEL 7 : thunderbird (RHSA-2021:5046)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4129", "CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:thunderbird"], "id": "REDHAT-RHSA-2021-5046.NASL", "href": "https://www.tenable.com/plugins/nessus/155974", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:5046. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155974);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2021-43528\",\n \"CVE-2021-43536\",\n \"CVE-2021-43537\",\n \"CVE-2021-43538\",\n \"CVE-2021-43539\",\n \"CVE-2021-43541\",\n \"CVE-2021-43542\",\n \"CVE-2021-43543\",\n \"CVE-2021-43545\",\n \"CVE-2021-43546\"\n );\n script_xref(name:\"RHSA\", value:\"2021:5046\");\n script_xref(name:\"IAVA\", value:\"2021-A-0569-S\");\n\n script_name(english:\"RHEL 7 : thunderbird (RHSA-2021:5046)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:5046 advisory.\n\n - Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 (CVE-2021-4129)\n\n - Mozilla: JavaScript unexpectedly enabled for the composition area (CVE-2021-43528)\n\n - Mozilla: URL leakage when navigating while executing asynchronous function (CVE-2021-43536)\n\n - Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)\n\n - Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)\n\n - Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)\n\n - Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)\n\n - Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler\n (CVE-2021-43542)\n\n - Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)\n\n - Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)\n\n - Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:5046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030106\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030110\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030116\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030137\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43539\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79, 120, 209, 281, 416, 428, 835, 1021);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-91.4.0-3.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-91.4.0-3.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:07", "description": "The version of Thunderbird installed on the remote Windows host is prior to 91.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-54 advisory.\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. (CVE-2021-43537)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. (CVE-2021-43538)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. (CVE-2021-43542)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. (CVE-2021-43543)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. (CVE-2021-43545)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n (CVE-2021-43546)\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. (CVE-2021-43528)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-08T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird < 91.4.0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4129", "CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2023-01-10T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_91_4_0.NASL", "href": "https://www.tenable.com/plugins/nessus/155919", "sourceData": "#%NASL_MIN_LEVEL 70300\n## \n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2021-54.\n# The text itself is copyright (C) Mozilla Foundation.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155919);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/10\");\n\n script_cve_id(\n \"CVE-2021-4129\",\n \"CVE-2021-43528\",\n \"CVE-2021-43536\",\n \"CVE-2021-43537\",\n \"CVE-2021-43538\",\n \"CVE-2021-43539\",\n \"CVE-2021-43541\",\n \"CVE-2021-43542\",\n \"CVE-2021-43543\",\n \"CVE-2021-43545\",\n \"CVE-2021-43546\"\n );\n\n script_name(english:\"Mozilla Thunderbird < 91.4.0\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A mail client installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Thunderbird installed on the remote Windows host is prior to 91.4.0. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the mfsa2021-54 advisory.\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the\n target URL. (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory\n leading to a potentially exploitable crash. (CVE-2021-43537)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for\n pages that had received full screen and pointer lock access, which could have been used for spoofing\n attacks. (CVE-2021-43538)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC\n occurring within the call not tracing those live pointers. This could have led to a use-after-free causing\n a potentially exploitable crash. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not\n properly escaped. (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages\n for loading external protocols. (CVE-2021-43542)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by\n embedding additional content. (CVE-2021-43543)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. (CVE-2021-43545)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n (CVE-2021-43546)\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was\n limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to\n further an attack with other vulnerabilities. (CVE-2021-43528)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Thunderbird version 91.4.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43539\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-4129\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nvar port = get_kb_item('SMB/transport');\nif (!port) port = 445;\n\nvar installs = get_kb_list('SMB/Mozilla/Thunderbird/*');\nif (isnull(installs)) audit(AUDIT_NOT_INST, 'Thunderbird');\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'91.4.0', severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:26:41", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:5055 advisory.\n\n - Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 (CVE-2021-4129)\n\n - Mozilla: JavaScript unexpectedly enabled for the composition area (CVE-2021-43528)\n\n - Mozilla: URL leakage when navigating while executing asynchronous function (CVE-2021-43536)\n\n - Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)\n\n - Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)\n\n - Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)\n\n - Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)\n\n - Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler (CVE-2021-43542)\n\n - Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)\n\n - Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)\n\n - Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-10T00:00:00", "type": "nessus", "title": "RHEL 8 : thunderbird (RHSA-2021:5055)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4129", "CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "p-cpe:/a:redhat:enterprise_linux:thunderbird"], "id": "REDHAT-RHSA-2021-5055.NASL", "href": "https://www.tenable.com/plugins/nessus/155995", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:5055. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155995);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2021-43528\",\n \"CVE-2021-43536\",\n \"CVE-2021-43537\",\n \"CVE-2021-43538\",\n \"CVE-2021-43539\",\n \"CVE-2021-43541\",\n \"CVE-2021-43542\",\n \"CVE-2021-43543\",\n \"CVE-2021-43545\",\n \"CVE-2021-43546\"\n );\n script_xref(name:\"RHSA\", value:\"2021:5055\");\n script_xref(name:\"IAVA\", value:\"2021-A-0569-S\");\n\n script_name(english:\"RHEL 8 : thunderbird (RHSA-2021:5055)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:5055 advisory.\n\n - Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 (CVE-2021-4129)\n\n - Mozilla: JavaScript unexpectedly enabled for the composition area (CVE-2021-43528)\n\n - Mozilla: URL leakage when navigating while executing asynchronous function (CVE-2021-43536)\n\n - Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)\n\n - Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)\n\n - Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)\n\n - Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)\n\n - Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler\n (CVE-2021-43542)\n\n - Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)\n\n - Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)\n\n - Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:5055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030106\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030110\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030116\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030137\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43539\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79, 120, 209, 281, 416, 428, 835, 1021);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-91.4.0-2.el8_1', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-91.4.0-2.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:27:18", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:5048 advisory.\n\n - Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 (CVE-2021-4129)\n\n - Mozilla: JavaScript unexpectedly enabled for the composition area (CVE-2021-43528)\n\n - Mozilla: URL leakage when navigating while executing asynchronous function (CVE-2021-43536)\n\n - Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)\n\n - Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)\n\n - Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)\n\n - Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)\n\n - Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler (CVE-2021-43542)\n\n - Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)\n\n - Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)\n\n - Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-10T00:00:00", "type": "nessus", "title": "RHEL 8 : thunderbird (RHSA-2021:5048)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4129", "CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:thunderbird"], "id": "REDHAT-RHSA-2021-5048.NASL", "href": "https://www.tenable.com/plugins/nessus/155976", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:5048. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155976);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2021-4129\",\n \"CVE-2021-43528\",\n \"CVE-2021-43536\",\n \"CVE-2021-43537\",\n \"CVE-2021-43538\",\n \"CVE-2021-43539\",\n \"CVE-2021-43541\",\n \"CVE-2021-43542\",\n \"CVE-2021-43543\",\n \"CVE-2021-43545\",\n \"CVE-2021-43546\"\n );\n script_xref(name:\"RHSA\", value:\"2021:5048\");\n script_xref(name:\"IAVA\", value:\"2021-A-0569-S\");\n\n script_name(english:\"RHEL 8 : thunderbird (RHSA-2021:5048)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:5048 advisory.\n\n - Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 (CVE-2021-4129)\n\n - Mozilla: JavaScript unexpectedly enabled for the composition area (CVE-2021-43528)\n\n - Mozilla: URL leakage when navigating while executing asynchronous function (CVE-2021-43536)\n\n - Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)\n\n - Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)\n\n - Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)\n\n - Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)\n\n - Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler\n (CVE-2021-43542)\n\n - Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)\n\n - Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)\n\n - Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:5048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030106\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030110\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030116\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030137\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43539\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-4129\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 120, 209, 281, 416, 428, 835, 1021);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.4')) audit(AUDIT_OS_NOT, 'Red Hat 8.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'thunderbird-91.4.0-2.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:43", "description": "The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-54 advisory.\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. (CVE-2021-43537)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. (CVE-2021-43538)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. (CVE-2021-43542)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. (CVE-2021-43543)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. (CVE-2021-43545)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n (CVE-2021-43546)\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. (CVE-2021-43528)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-08T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird < 91.4.0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4129", "CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2023-01-10T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MACOS_THUNDERBIRD_91_4_0.NASL", "href": "https://www.tenable.com/plugins/nessus/155920", "sourceData": "#%NASL_MIN_LEVEL 70300\n## \n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2021-54.\n# The text itself is copyright (C) Mozilla Foundation.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155920);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/10\");\n\n script_cve_id(\n \"CVE-2021-4129\",\n \"CVE-2021-43528\",\n \"CVE-2021-43536\",\n \"CVE-2021-43537\",\n \"CVE-2021-43538\",\n \"CVE-2021-43539\",\n \"CVE-2021-43541\",\n \"CVE-2021-43542\",\n \"CVE-2021-43543\",\n \"CVE-2021-43545\",\n \"CVE-2021-43546\"\n );\n\n script_name(english:\"Mozilla Thunderbird < 91.4.0\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A mail client installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.4.0. It is, therefore, affected\nby multiple vulnerabilities as referenced in the mfsa2021-54 advisory.\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the\n target URL. (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory\n leading to a potentially exploitable crash. (CVE-2021-43537)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for\n pages that had received full screen and pointer lock access, which could have been used for spoofing\n attacks. (CVE-2021-43538)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC\n occurring within the call not tracing those live pointers. This could have led to a use-after-free causing\n a potentially exploitable crash. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not\n properly escaped. (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages\n for loading external protocols. (CVE-2021-43542)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by\n embedding additional content. (CVE-2021-43543)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. (CVE-2021-43545)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n (CVE-2021-43546)\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was\n limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to\n further an attack with other vulnerabilities. (CVE-2021-43528)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Thunderbird version 91.4.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43539\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-4129\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Installed\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nvar kb_base = 'MacOSX/Thunderbird';\nget_kb_item_or_exit(kb_base+'/Installed');\n\nvar version = get_kb_item_or_exit(kb_base+'/Version', exit_code:1);\nvar path = get_kb_item_or_exit(kb_base+'/Path', exit_code:1);\n\nvar is_esr = get_kb_item(kb_base+'/is_esr');\nif (is_esr) exit(0, 'The Mozilla Thunderbird installation is in the ESR branch.');\n\nmozilla_check_version(version:version, path:path, product:'thunderbird', esr:FALSE, fix:'91.4.0', severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-15T15:39:33", "description": "The remote Ubuntu 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5246-1 advisory.\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.\n (CVE-2021-43528)\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43537)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43538)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43542)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43543)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43545)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43546)\n\n - The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web. (CVE-2021-44538)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-22T00:00:00", "type": "nessus", "title": "Ubuntu 21.10 : Thunderbird vulnerabilities (USN-5246-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4126", "CVE-2021-4129", "CVE-2021-4140", "CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546", "CVE-2021-44538", "CVE-2022-22737", "CVE-2022-22738", "CVE-2022-22739", "CVE-2022-22740", "CVE-2022-22741", "CVE-2022-22742", "CVE-2022-22743", "CVE-2022-22745", "CVE-2022-22747", "CVE-2022-22748", "CVE-2022-22751"], "modified": "2023-07-10T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:21.10", "p-cpe:/a:canonical:ubuntu_linux:thunderbird", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-dev", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-af", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ar", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ast", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-be", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bg", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn-bd", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-br", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ca", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cak", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cs", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cy", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-da", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-de", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-dsb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-el", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-gb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-us", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-ar", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-es", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-et", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-eu", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fa", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fi", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy-nl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga-ie", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gd", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-he", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hsb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hu", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hy", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-id", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-is", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-it", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ja", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ka", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kab", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ko", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-lt", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-lv", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-mk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ms", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb-no", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn-no", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa-in", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-br", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-pt", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-rm", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ro", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ru", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-si", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sq", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv-se", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta-lk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-th", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-tr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uz", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-vi", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-cn", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hans", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hant", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-tw", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-mozsymbols", "p-cpe:/a:canonical:ubuntu_linux:xul-ext-calendar-timezones", "p-cpe:/a:canonical:ubuntu_linux:xul-ext-gdata-provider", "p-cpe:/a:canonical:ubuntu_linux:xul-ext-lightning"], "id": "UBUNTU_USN-5246-1.NASL", "href": "https://www.tenable.com/plugins/nessus/156962", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5246-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156962);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/10\");\n\n script_cve_id(\n \"CVE-2021-4126\",\n \"CVE-2021-4129\",\n \"CVE-2021-4140\",\n \"CVE-2021-43528\",\n \"CVE-2021-43536\",\n \"CVE-2021-43537\",\n \"CVE-2021-43538\",\n \"CVE-2021-43539\",\n \"CVE-2021-43541\",\n \"CVE-2021-43542\",\n \"CVE-2021-43543\",\n \"CVE-2021-43545\",\n \"CVE-2021-43546\",\n \"CVE-2021-44538\",\n \"CVE-2022-22737\",\n \"CVE-2022-22738\",\n \"CVE-2022-22739\",\n \"CVE-2022-22740\",\n \"CVE-2022-22741\",\n \"CVE-2022-22742\",\n \"CVE-2022-22743\",\n \"CVE-2022-22745\",\n \"CVE-2022-22747\",\n \"CVE-2022-22748\",\n \"CVE-2022-22751\"\n );\n script_xref(name:\"USN\", value:\"5246-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0603-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0569-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0017-S\");\n\n script_name(english:\"Ubuntu 21.10 : Thunderbird vulnerabilities (USN-5246-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nUSN-5246-1 advisory.\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was\n limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to\n further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.\n (CVE-2021-43528)\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the\n target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory\n leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR <\n 91.4.0, and Firefox < 95. (CVE-2021-43537)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for\n pages that had received full screen and pointer lock access, which could have been used for spoofing\n attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43538)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC\n occurring within the call not tracing those live pointers. This could have led to a use-after-free causing\n a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0,\n and Firefox < 95. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not\n properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages\n for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and\n Firefox < 95. (CVE-2021-43542)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by\n embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and\n Firefox < 95. (CVE-2021-43543)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. This\n vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43545)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43546)\n\n - The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The\n Olm session object represents a cryptographic channel between two parties. Therefore, its state is\n partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of\n messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a\n buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were\n undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces\n and digits. The known affected products are Element Web And SchildiChat Web. (CVE-2021-44538)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5246-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44538\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-4140\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-us\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-mozsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xul-ext-calendar-timezones\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xul-ext-gdata-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xul-ext-lightning\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('21.10' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 21.10', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '21.10', 'pkgname': 'thunderbird', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-dev', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-gnome-support', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-af', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-ar', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-ast', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-be', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-bg', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-bn', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-bn-bd', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-br', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-ca', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-cak', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-cs', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-cy', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-da', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-de', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-dsb', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-el', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-en', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-en-gb', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-en-us', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-es', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-es-ar', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-es-es', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-et', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-eu', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-fa', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-fi', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-fr', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-fy', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-fy-nl', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-ga', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-ga-ie', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-gd', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-gl', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-he', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-hr', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-hsb', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-hu', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-hy', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-id', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-is', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-it', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-ja', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-ka', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-kab', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-kk', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-ko', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-lt', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-lv', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-mk', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-ms', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-nb', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-nb-no', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-nl', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-nn', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-nn-no', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-pa', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-pa-in', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-pl', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-pt', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-pt-br', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-pt-pt', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-rm', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-ro', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-ru', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-si', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-sk', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-sl', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-sq', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-sr', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-sv', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-sv-se', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-ta', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-ta-lk', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-th', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-tr', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-uk', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-uz', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-vi', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-zh-cn', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-zh-hans', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-zh-hant', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-locale-zh-tw', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'thunderbird-mozsymbols', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'xul-ext-calendar-timezones', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'xul-ext-gdata-provider', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'xul-ext-lightning', 'pkgver': '1:91.5.0+build1-0ubuntu0.21.10.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird / thunderbird-dev / thunderbird-gnome-support / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-25T14:46:53", "description": "The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5034 advisory.\n\n - During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38496)\n\n - Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38500)\n\n - Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2. (CVE-2021-38502)\n\n - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38503)\n\n - When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after- free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38504)\n\n - Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38506)\n\n - The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38507)\n\n - By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38508)\n\n - Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.\n (CVE-2021-38509)\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.\n (CVE-2021-43528)\n\n - Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-43534)\n\n - A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-43535)\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43537)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43538)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43542)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43543)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43545)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43546)\n\n - The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web. (CVE-2021-44538)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-03T00:00:00", "type": "nessus", "title": "Debian DSA-5034-1 : thunderbird - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38496", "CVE-2021-38500", "CVE-2021-38502", "CVE-2021-38503", "CVE-2021-38504", "CVE-2021-38506", "CVE-2021-38507", "CVE-2021-38508", "CVE-2021-38509", "CVE-2021-4126", "CVE-2021-43528", "CVE-2021-43529", "CVE-2021-43534", "CVE-2021-43535", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546", "CVE-2021-44538"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:calendar-google-provider", "p-cpe:/a:debian:debian_linux:lightning", "p-cpe:/a:debian:debian_linux:thunderbird", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-af", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-all", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ar", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ast", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-be", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-bg", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-br", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ca", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-cak", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-cs", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-cy", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-da", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-de", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-dsb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-el", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-en-ca", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-en-gb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-ar", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-es", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-et", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-eu", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fi", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-gd", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-gl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-he", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hsb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hu", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hy-am", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-id", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-is", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-it", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ja", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ka", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-kab", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-kk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ko", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-lt", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-lv", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ms", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nb-no", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nn-no", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pa-in", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-br", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-rm", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ro", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ru", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-si", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sq", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sv-se", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-th", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-tr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-uk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-uz", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-vi", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-tw", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5034.NASL", "href": "https://www.tenable.com/plugins/nessus/156451", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5034. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156451);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2021-4126\",\n \"CVE-2021-38496\",\n \"CVE-2021-38500\",\n \"CVE-2021-38502\",\n \"CVE-2021-38503\",\n \"CVE-2021-38504\",\n \"CVE-2021-38506\",\n \"CVE-2021-38507\",\n \"CVE-2021-38508\",\n \"CVE-2021-38509\",\n \"CVE-2021-43528\",\n \"CVE-2021-43529\",\n \"CVE-2021-43534\",\n \"CVE-2021-43535\",\n \"CVE-2021-43536\",\n \"CVE-2021-43537\",\n \"CVE-2021-43538\",\n \"CVE-2021-43539\",\n \"CVE-2021-43541\",\n \"CVE-2021-43542\",\n \"CVE-2021-43543\",\n \"CVE-2021-43545\",\n \"CVE-2021-43546\",\n \"CVE-2021-44538\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0461-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0527-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0603-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0569-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0450-S\");\n\n script_name(english:\"Debian DSA-5034-1 : thunderbird - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5034 advisory.\n\n - During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in\n memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15,\n Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38496)\n\n - Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2,\n Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38500)\n\n - Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could\n perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated\n session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was\n configured, the MITM could obtain the authentication credentials, too. This vulnerability affects\n Thunderbird < 91.2. (CVE-2021-38502)\n\n - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass\n restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects\n Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38503)\n\n - When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-\n free could have resulted, leading to memory corruption and a potentially exploitable crash. This\n vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38504)\n\n - Through a series of navigations, Firefox could have entered fullscreen mode without notification or\n warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This\n vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38506)\n\n - The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded\n to TLS while retaining the visual properties of an HTTP connection, including being same-origin with\n unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port\n 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the\n browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin\n with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This\n vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38507)\n\n - By displaying a form validity message in the correct location at the same time as a permission prompt\n (such as for geolocation), the validity message could have obscured the prompt, resulting in the user\n potentially being tricked into granting the permission. This vulnerability affects Firefox < 94,\n Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38508)\n\n - Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary\n (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's\n choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.\n (CVE-2021-38509)\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was\n limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to\n further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.\n (CVE-2021-43528)\n\n - Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR\n 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some\n of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94,\n Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-43534)\n\n - A use-after-free could have occured when an HTTP2 session object was released on a different thread,\n leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93,\n Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-43535)\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the\n target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory\n leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR <\n 91.4.0, and Firefox < 95. (CVE-2021-43537)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for\n pages that had received full screen and pointer lock access, which could have been used for spoofing\n attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43538)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC\n occurring within the call not tracing those live pointers. This could have led to a use-after-free causing\n a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0,\n and Firefox < 95. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not\n properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages\n for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and\n Firefox < 95. (CVE-2021-43542)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by\n embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and\n Firefox < 95. (CVE-2021-43543)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. This\n vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43545)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43546)\n\n - The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The\n Olm session object represents a cryptographic channel between two parties. Therefore, its state is\n partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of\n messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a\n buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were\n undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces\n and digits. The known affected products are Element Web And SchildiChat Web. (CVE-2021-44538)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/thunderbird\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38502\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4126\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-44538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/thunderbird\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/thunderbird\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the thunderbird packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44538\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-38503\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:calendar-google-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-cak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-en-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+|^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0 / 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'calendar-google-provider', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'lightning', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-af', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-all', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ar', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ast', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-be', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-bg', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-br', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ca', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-cak', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-cs', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-cy', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-da', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-de', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-dsb', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-el', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-en-ca', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-en-gb', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-es-ar', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-es-es', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-et', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-eu', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-fi', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-fr', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-fy-nl', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ga-ie', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-gd', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-gl', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-he', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-hr', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-hsb', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-hu', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-hy-am', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-id', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-is', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-it', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ja', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ka', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-kab', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-kk', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ko', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-lt', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-lv', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ms', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-nb-no', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-nl', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-nn-no', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-pa-in', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-pl', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-pt-br', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-pt-pt', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-rm', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ro', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-ru', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-si', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-sk', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-sl', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-sq', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-sr', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-sv-se', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-th', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-tr', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-uk', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-uz', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-vi', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-zh-cn', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '10.0', 'prefix': 'thunderbird-l10n-zh-tw', 'reference': '1:91.4.1-1~deb10u1'},\n {'release': '11.0', 'prefix': 'calendar-google-provider', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'lightning', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-af', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-all', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-ar', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-ast', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-be', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-bg', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-br', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-ca', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-cak', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-cs', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-cy', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-da', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-de', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-dsb', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-el', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-en-ca', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-en-gb', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-es-ar', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-es-es', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-et', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-eu', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-fi', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-fr', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-fy-nl', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-ga-ie', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-gd', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-gl', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-he', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-hr', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-hsb', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-hu', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-hy-am', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-id', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-is', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-it', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-ja', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-ka', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-kab', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-kk', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-ko', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-lt', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-lv', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-ms', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-nb-no', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-nl', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-nn-no', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-pa-in', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-pl', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-pt-br', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-pt-pt', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-rm', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-ro', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-ru', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-si', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-sk', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-sl', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-sq', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-sr', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-sv-se', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-th', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-tr', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-uk', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-uz', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-vi', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-zh-cn', 'reference': '1:91.4.1-1~deb11u1'},\n {'release': '11.0', 'prefix': 'thunderbird-l10n-zh-tw', 'reference': '1:91.4.1-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'calendar-google-provider / lightning / thunderbird / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T15:18:15", "description": "The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2874 advisory.\n\n - During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38496)\n\n - Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38500)\n\n - Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2. (CVE-2021-38502)\n\n - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38503)\n\n - When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after- free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38504)\n\n - Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38506)\n\n - The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38507)\n\n - By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38508)\n\n - Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.\n (CVE-2021-38509)\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.\n (CVE-2021-43528)\n\n - Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-43534)\n\n - A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-43535)\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43537)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43538)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43542)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43543)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43545)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43546)\n\n - The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web. (CVE-2021-44538)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-04T00:00:00", "type": "nessus", "title": "Debian DLA-2874-1 : thunderbird - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38496", "CVE-2021-38500", "CVE-2021-38502", "CVE-2021-38503", "CVE-2021-38504", "CVE-2021-38506", "CVE-2021-38507", "CVE-2021-38508", "CVE-2021-38509", "CVE-2021-4126", "CVE-2021-43528", "CVE-2021-43529", "CVE-2021-43534", "CVE-2021-43535", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546", "CVE-2021-44538"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:calendar-google-provider", "p-cpe:/a:debian:debian_linux:icedove", "p-cpe:/a:debian:debian_linux:icedove-dbg", "p-cpe:/a:debian:debian_linux:icedove-dev", "p-cpe:/a:debian:debian_linux:icedove-l10n-all", "p-cpe:/a:debian:debian_linux:icedove-l10n-ar", "p-cpe:/a:debian:debian_linux:icedove-l10n-ast", "p-cpe:/a:debian:debian_linux:icedove-l10n-be", "p-cpe:/a:debian:debian_linux:icedove-l10n-bg", "p-cpe:/a:debian:debian_linux:icedove-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:icedove-l10n-br", "p-cpe:/a:debian:debian_linux:icedove-l10n-ca", "p-cpe:/a:debian:debian_linux:icedove-l10n-cs", "p-cpe:/a:debian:debian_linux:icedove-l10n-da", "p-cpe:/a:debian:debian_linux:icedove-l10n-de", "p-cpe:/a:debian:debian_linux:icedove-l10n-dsb", "p-cpe:/a:debian:debian_linux:icedove-l10n-el", "p-cpe:/a:debian:debian_linux:icedove-l10n-en-gb", "p-cpe:/a:debian:debian_linux:icedove-l10n-es-ar", "p-cpe:/a:debian:debian_linux:icedove-l10n-es-es", "p-cpe:/a:debian:debian_linux:icedove-l10n-et", "p-cpe:/a:debian:debian_linux:icedove-l10n-eu", "p-cpe:/a:debian:debian_linux:icedove-l10n-fi", "p-cpe:/a:debian:debian_linux:icedove-l10n-fr", "p-cpe:/a:debian:debian_linux:icedove-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:icedove-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:icedove-l10n-gd", "p-cpe:/a:debian:debian_linux:icedove-l10n-gl", "p-cpe:/a:debian:debian_linux:icedove-l10n-he", "p-cpe:/a:debian:debian_linux:icedove-l10n-hr", "p-cpe:/a:debian:debian_linux:icedove-l10n-hsb", "p-cpe:/a:debian:debian_linux:icedove-l10n-hu", "p-cpe:/a:debian:debian_linux:icedove-l10n-hy-am", "p-cpe:/a:debian:debian_linux:icedove-l10n-id", "p-cpe:/a:debian:debian_linux:icedove-l10n-is", "p-cpe:/a:debian:debian_linux:icedove-l10n-it", "p-cpe:/a:debian:debian_linux:icedove-l10n-ja", "p-cpe:/a:debian:debian_linux:icedove-l10n-kab", "p-cpe:/a:debian:debian_linux:icedove-l10n-ko", "p-cpe:/a:debian:debian_linux:icedove-l10n-lt", "p-cpe:/a:debian:debian_linux:icedove-l10n-nb-no", "p-cpe:/a:debian:debian_linux:icedove-l10n-nl", "p-cpe:/a:debian:debian_linux:icedove-l10n-nn-no", "p-cpe:/a:debian:debian_linux:icedove-l10n-pa-in", "p-cpe:/a:debian:debian_linux:icedove-l10n-pl", "p-cpe:/a:debian:debian_linux:icedove-l10n-pt-br", "p-cpe:/a:debian:debian_linux:icedove-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:icedove-l10n-rm", "p-cpe:/a:debian:debian_linux:icedove-l10n-ro", "p-cpe:/a:debian:debian_linux:icedove-l10n-ru", "p-cpe:/a:debian:debian_linux:icedove-l10n-si", "p-cpe:/a:debian:debian_linux:icedove-l10n-sk", "p-cpe:/a:debian:debian_linux:icedove-l10n-sl", "p-cpe:/a:debian:debian_linux:icedove-l10n-sq", "p-cpe:/a:debian:debian_linux:icedove-l10n-sr", "p-cpe:/a:debian:debian_linux:icedove-l10n-sv-se", "p-cpe:/a:debian:debian_linux:icedove-l10n-ta-lk", "p-cpe:/a:debian:debian_linux:icedove-l10n-tr", "p-cpe:/a:debian:debian_linux:icedove-l10n-uk", "p-cpe:/a:debian:debian_linux:icedove-l10n-vi", "p-cpe:/a:debian:debian_linux:icedove-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:icedove-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:iceowl-extension", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ar", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ast", "p-cpe:/a:debian:debian_linux:iceowl-l10n-be", "p-cpe:/a:debian:debian_linux:iceowl-l10n-bg", "p-cpe:/a:debian:debian_linux:iceowl-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:iceowl-l10n-br", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ca", "p-cpe:/a:debian:debian_linux:iceowl-l10n-cs", "p-cpe:/a:debian:debian_linux:iceowl-l10n-cy", "p-cpe:/a:debian:debian_linux:iceowl-l10n-da", "p-cpe:/a:debian:debian_linux:iceowl-l10n-de", "p-cpe:/a:debian:debian_linux:iceowl-l10n-dsb", "p-cpe:/a:debian:debian_linux:iceowl-l10n-el", "p-cpe:/a:debian:debian_linux:iceowl-l10n-en-gb", "p-cpe:/a:debian:debian_linux:iceowl-l10n-es-ar", "p-cpe:/a:debian:debian_linux:iceowl-l10n-es-es", "p-cpe:/a:debian:debian_linux:iceowl-l10n-et", "p-cpe:/a:debian:debian_linux:iceowl-l10n-eu", "p-cpe:/a:debian:debian_linux:iceowl-l10n-fi", "p-cpe:/a:debian:debian_linux:iceowl-l10n-fr", "p-cpe:/a:debian:debian_linux:iceowl-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:iceowl-l10n-gd", "p-cpe:/a:debian:debian_linux:iceowl-l10n-gl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-he", "p-cpe:/a:debian:debian_linux:iceowl-l10n-hr", "p-cpe:/a:debian:debian_linux:iceowl-l10n-hsb", "p-cpe:/a:debian:debian_linux:iceowl-l10n-hu", "p-cpe:/a:debian:debian_linux:iceowl-l10n-hy-am", "p-cpe:/a:debian:debian_linux:iceowl-l10n-id", "p-cpe:/a:debian:debian_linux:iceowl-l10n-is", "p-cpe:/a:debian:debian_linux:iceowl-l10n-it", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ja", "p-cpe:/a:debian:debian_linux:iceowl-l10n-kab", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ko", "p-cpe:/a:debian:debian_linux:iceowl-l10n-lt", "p-cpe:/a:debian:debian_linux:iceowl-l10n-nb-no", "p-cpe:/a:debian:debian_linux:iceowl-l10n-nl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-nn-no", "p-cpe:/a:debian:debian_linux:iceowl-l10n-pa-in", "p-cpe:/a:debian:debian_linux:iceowl-l10n-pl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-pt-br", "p-cpe:/a:debian:debian_linux:iceowl-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:iceowl-l10n-rm", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ro", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ru", "p-cpe:/a:debian:debian_linux:iceowl-l10n-si", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sk", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sl", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sq", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sr", "p-cpe:/a:debian:debian_linux:iceowl-l10n-sv-se", "p-cpe:/a:debian:debian_linux:iceowl-l10n-ta-lk", "p-cpe:/a:debian:debian_linux:iceowl-l10n-tr", "p-cpe:/a:debian:debian_linux:iceowl-l10n-uk", "p-cpe:/a:debian:debian_linux:iceowl-l10n-vi", "p-cpe:/a:debian:debian_linux:iceowl-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:iceowl-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:lightning", "p-cpe:/a:debian:debian_linux:lightning-l10n-ar", "p-cpe:/a:debian:debian_linux:lightning-l10n-ast", "p-cpe:/a:debian:debian_linux:lightning-l10n-be", "p-cpe:/a:debian:debian_linux:lightning-l10n-bg", "p-cpe:/a:debian:debian_linux:lightning-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:lightning-l10n-br", "p-cpe:/a:debian:debian_linux:lightning-l10n-ca", "p-cpe:/a:debian:debian_linux:lightning-l10n-cs", "p-cpe:/a:debian:debian_linux:lightning-l10n-cy", "p-cpe:/a:debian:debian_linux:lightning-l10n-da", "p-cpe:/a:debian:debian_linux:lightning-l10n-de", "p-cpe:/a:debian:debian_linux:lightning-l10n-dsb", "p-cpe:/a:debian:debian_linux:lightning-l10n-el", "p-cpe:/a:debian:debian_linux:lightning-l10n-en-gb", "p-cpe:/a:debian:debian_linux:lightning-l10n-es-ar", "p-cpe:/a:debian:debian_linux:lightning-l10n-es-es", "p-cpe:/a:debian:debian_linux:lightning-l10n-et", "p-cpe:/a:debian:debian_linux:lightning-l10n-eu", "p-cpe:/a:debian:debian_linux:lightning-l10n-fi", "p-cpe:/a:debian:debian_linux:lightning-l10n-fr", "p-cpe:/a:debian:debian_linux:lightning-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:lightning-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:lightning-l10n-gd", "p-cpe:/a:debian:debian_linux:lightning-l10n-gl", "p-cpe:/a:debian:debian_linux:lightning-l10n-he", "p-cpe:/a:debian:debian_linux:lightning-l10n-hr", "p-cpe:/a:debian:debian_linux:lightning-l10n-hsb", "p-cpe:/a:debian:debian_linux:lightning-l10n-hu", "p-cpe:/a:debian:debian_linux:lightning-l10n-hy-am", "p-cpe:/a:debian:debian_linux:lightning-l10n-id", "p-cpe:/a:debian:debian_linux:lightning-l10n-is", "p-cpe:/a:debian:debian_linux:lightning-l10n-it", "p-cpe:/a:debian:debian_linux:lightning-l10n-ja", "p-cpe:/a:debian:debian_linux:lightning-l10n-kab", "p-cpe:/a:debian:debian_linux:lightning-l10n-kk", "p-cpe:/a:debian:debian_linux:lightning-l10n-ko", "p-cpe:/a:debian:debian_linux:lightning-l10n-lt", "p-cpe:/a:debian:debian_linux:lightning-l10n-ms", "p-cpe:/a:debian:debian_linux:lightning-l10n-nb-no", "p-cpe:/a:debian:debian_linux:lightning-l10n-nl", "p-cpe:/a:debian:debian_linux:lightning-l10n-nn-no", "p-cpe:/a:debian:debian_linux:lightning-l10n-pa-in", "p-cpe:/a:debian:debian_linux:lightning-l10n-pl", "p-cpe:/a:debian:debian_linux:lightning-l10n-pt-br", "p-cpe:/a:debian:debian_linux:lightning-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:lightning-l10n-rm", "p-cpe:/a:debian:debian_linux:lightning-l10n-ro", "p-cpe:/a:debian:debian_linux:lightning-l10n-ru", "p-cpe:/a:debian:debian_linux:lightning-l10n-si", "p-cpe:/a:debian:debian_linux:lightning-l10n-sk", "p-cpe:/a:debian:debian_linux:lightning-l10n-sl", "p-cpe:/a:debian:debian_linux:lightning-l10n-sq", "p-cpe:/a:debian:debian_linux:lightning-l10n-sr", "p-cpe:/a:debian:debian_linux:lightning-l10n-sv-se", "p-cpe:/a:debian:debian_linux:lightning-l10n-ta-lk", "p-cpe:/a:debian:debian_linux:lightning-l10n-tr", "p-cpe:/a:debian:debian_linux:lightning-l10n-uk", "p-cpe:/a:debian:debian_linux:lightning-l10n-vi", "p-cpe:/a:debian:debian_linux:lightning-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:lightning-l10n-zh-tw", "p-cpe:/a:debian:debian_linux:thunderbird", "p-cpe:/a:debian:debian_linux:thunderbird-dbg", "p-cpe:/a:debian:debian_linux:thunderbird-dev", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-af", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-all", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ar", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ast", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-be", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-bg", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-bn-bd", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-br", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ca", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-cak", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-cs", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-cy", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-da", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-de", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-dsb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-el", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-en-ca", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-en-gb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-ar", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-es", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-et", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-eu", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fi", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-fy-nl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ga-ie", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-gd", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-gl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-he", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hsb", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hu", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-hy-am", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-id", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-is", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-it", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ja", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ka", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-kab", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-kk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ko", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-lt", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-lv", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ms", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nb-no", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-nn-no", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pa-in", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-br", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-pt", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-rm", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ro", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ru", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-si", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sl", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sq", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-sv-se", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-ta-lk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-th", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-tr", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-uk", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-uz", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-vi", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-cn", "p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-tw", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2874.NASL", "href": "https://www.tenable.com/plugins/nessus/156457", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-2874. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156457);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2021-4126\",\n \"CVE-2021-38496\",\n \"CVE-2021-38500\",\n \"CVE-2021-38502\",\n \"CVE-2021-38503\",\n \"CVE-2021-38504\",\n \"CVE-2021-38506\",\n \"CVE-2021-38507\",\n \"CVE-2021-38508\",\n \"CVE-2021-38509\",\n \"CVE-2021-43528\",\n \"CVE-2021-43529\",\n \"CVE-2021-43534\",\n \"CVE-2021-43535\",\n \"CVE-2021-43536\",\n \"CVE-2021-43537\",\n \"CVE-2021-43538\",\n \"CVE-2021-43539\",\n \"CVE-2021-43541\",\n \"CVE-2021-43542\",\n \"CVE-2021-43543\",\n \"CVE-2021-43545\",\n \"CVE-2021-43546\",\n \"CVE-2021-44538\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0461-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0527-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0603-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0569-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0450-S\");\n\n script_name(english:\"Debian DLA-2874-1 : thunderbird - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-2874 advisory.\n\n - During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in\n memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15,\n Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38496)\n\n - Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2,\n Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38500)\n\n - Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could\n perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated\n session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was\n configured, the MITM could obtain the authentication credentials, too. This vulnerability affects\n Thunderbird < 91.2. (CVE-2021-38502)\n\n - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass\n restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects\n Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38503)\n\n - When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-\n free could have resulted, leading to memory corruption and a potentially exploitable crash. This\n vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38504)\n\n - Through a series of navigations, Firefox could have entered fullscreen mode without notification or\n warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This\n vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38506)\n\n - The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded\n to TLS while retaining the visual properties of an HTTP connection, including being same-origin with\n unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port\n 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the\n browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin\n with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This\n vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38507)\n\n - By displaying a form validity message in the correct location at the same time as a permission prompt\n (such as for geolocation), the validity message could have obscured the prompt, resulting in the user\n potentially being tricked into granting the permission. This vulnerability affects Firefox < 94,\n Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38508)\n\n - Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary\n (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's\n choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.\n (CVE-2021-38509)\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was\n limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to\n further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.\n (CVE-2021-43528)\n\n - Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR\n 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some\n of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94,\n Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-43534)\n\n - A use-after-free could have occured when an HTTP2 session object was released on a different thread,\n leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93,\n Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-43535)\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the\n target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory\n leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR <\n 91.4.0, and Firefox < 95. (CVE-2021-43537)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for\n pages that had received full screen and pointer lock access, which could have been used for spoofing\n attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43538)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC\n occurring within the call not tracing those live pointers. This could have led to a use-after-free causing\n a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0,\n and Firefox < 95. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not\n properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages\n for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and\n Firefox < 95. (CVE-2021-43542)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by\n embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and\n Firefox < 95. (CVE-2021-43543)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. This\n vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43545)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43546)\n\n - The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The\n Olm session object represents a cryptographic channel between two parties. Therefore, its state is\n partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of\n messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a\n buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were\n undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces\n and digits. The known affected products are Element Web And SchildiChat Web. (CVE-2021-44538)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/thunderbird\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2022/dla-2874\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38502\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4126\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-44538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/stretch/thunderbird\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the thunderbird packages.\n\nFor Debian 9 stretch, these problems have been fixed in version 1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44538\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-38503\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:calendar-google-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedove-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-extension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:iceowl-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lightning-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-cak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-en-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-hy-am\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:thunderbird-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '9.0', 'prefix': 'calendar-google-provider', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-dbg', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-dev', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-all', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-ar', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-ast', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-be', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-bg', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-bn-bd', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-br', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-ca', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-cs', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-da', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-de', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-dsb', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-el', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-en-gb', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-es-ar', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-es-es', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-et', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-eu', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-fi', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-fr', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-fy-nl', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-ga-ie', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-gd', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-gl', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-he', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-hr', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-hsb', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-hu', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-hy-am', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-id', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-is', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-it', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-ja', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-kab', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-ko', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-lt', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-nb-no', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-nl', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-nn-no', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-pa-in', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-pl', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-pt-br', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-pt-pt', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-rm', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-ro', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-ru', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-si', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-sk', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-sl', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-sq', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-sr', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-sv-se', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-ta-lk', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-tr', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-uk', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-vi', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-zh-cn', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'icedove-l10n-zh-tw', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-extension', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-ar', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-ast', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-be', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-bg', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-bn-bd', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-br', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-ca', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-cs', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-cy', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-da', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-de', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-dsb', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-el', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-en-gb', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-es-ar', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-es-es', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-et', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-eu', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-fi', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-fr', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-fy-nl', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-ga-ie', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-gd', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-gl', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-he', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-hr', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-hsb', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-hu', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-hy-am', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-id', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-is', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-it', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-ja', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-kab', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-ko', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-lt', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-nb-no', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-nl', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-nn-no', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-pa-in', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-pl', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-pt-br', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-pt-pt', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-rm', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-ro', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-ru', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-si', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-sk', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-sl', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-sq', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-sr', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-sv-se', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-ta-lk', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-tr', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-uk', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-vi', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-zh-cn', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'iceowl-l10n-zh-tw', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-ar', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-ast', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-be', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-bg', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-bn-bd', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-br', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-ca', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-cs', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-cy', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-da', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-de', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-dsb', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-el', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-en-gb', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-es-ar', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-es-es', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-et', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-eu', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-fi', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-fr', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-fy-nl', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-ga-ie', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-gd', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-gl', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-he', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-hr', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-hsb', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-hu', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-hy-am', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-id', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-is', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-it', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-ja', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-kab', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-kk', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-ko', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-lt', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-ms', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-nb-no', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-nl', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-nn-no', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-pa-in', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-pl', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-pt-br', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-pt-pt', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-rm', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-ro', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-ru', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-si', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-sk', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-sl', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-sq', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-sr', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-sv-se', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-ta-lk', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-tr', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-uk', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-vi', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-zh-cn', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'lightning-l10n-zh-tw', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-dbg', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-dev', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-af', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-all', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-ar', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-ast', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-be', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-bg', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-bn-bd', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-br', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-ca', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-cak', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-cs', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-cy', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-da', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-de', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-dsb', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-el', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-en-ca', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-en-gb', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-es-ar', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-es-es', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-et', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-eu', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-fi', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-fr', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-fy-nl', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-ga-ie', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-gd', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-gl', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-he', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-hr', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-hsb', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-hu', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-hy-am', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-id', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-is', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-it', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-ja', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-ka', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-kab', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-kk', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-ko', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-lt', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-lv', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-ms', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-nb-no', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-nl', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-nn-no', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-pa-in', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-pl', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-pt-br', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-pt-pt', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-rm', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-ro', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-ru', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-si', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-sk', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-sl', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-sq', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-sr', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-sv-se', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-ta-lk', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-th', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-tr', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-uk', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-uz', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-vi', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-zh-cn', 'reference': '1:91.4.1-1~deb9u1'},\n {'release': '9.0', 'prefix': 'thunderbird-l10n-zh-tw', 'reference': '1:91.4.1-1~deb9u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'calendar-google-provider / icedove / icedove-dbg / icedove-dev / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:48:09", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1635-1 advisory.\n\n - An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91. (CVE-2021-29981)\n\n - Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91. (CVE-2021-29982)\n\n - After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and Thunderbird < 91. (CVE-2021-29987)\n\n - Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird < 91.0.1. (CVE-2021-29991)\n\n - crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4. (CVE-2021-32810)\n\n - When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.\n (CVE-2021-38492)\n\n - Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92. (CVE-2021-38493)\n\n - Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.\n (CVE-2021-38495)\n\n - During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38496)\n\n - Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. (CVE-2021-38497)\n\n - During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. (CVE-2021-38498)\n\n - Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38500)\n\n - Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. (CVE-2021-38501)\n\n - Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2. (CVE-2021-38502)\n\n - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38503)\n\n - When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after- free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38504)\n\n - Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios.\n Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38505)\n\n - Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38506)\n\n - The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38507)\n\n - By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38508)\n\n - Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.\n (CVE-2021-38509)\n\n - The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38510)\n\n - The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.\n (CVE-2021-40529)\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.\n (CVE-2021-43528)\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43537)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43538)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43542)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43543)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43545)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43546)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-30T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:1635-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29981", "CVE-2021-29982", "CVE-2021-29987", "CVE-2021-29991", "CVE-2021-32810", "CVE-2021-38492", "CVE-2021-38493", "CVE-2021-38495", "CVE-2021-38496", "CVE-2021-38497", "CVE-2021-38498", "CVE-2021-38500", "CVE-2021-38501", "CVE-2021-38502", "CVE-2021-38503", "CVE-2021-38504", "CVE-2021-38505", "CVE-2021-38506", "CVE-2021-38507", "CVE-2021-38508", "CVE-2021-38509", "CVE-2021-38510", "CVE-2021-40529", "CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2022-03-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozillathunderbird", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1635.NASL", "href": "https://www.tenable.com/plugins/nessus/156395", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1635-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156395);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/17\");\n\n script_cve_id(\n \"CVE-2021-29981\",\n \"CVE-2021-29982\",\n \"CVE-2021-29987\",\n \"CVE-2021-29991\",\n \"CVE-2021-32810\",\n \"CVE-2021-38492\",\n \"CVE-2021-38493\",\n \"CVE-2021-38495\",\n \"CVE-2021-38496\",\n \"CVE-2021-38497\",\n \"CVE-2021-38498\",\n \"CVE-2021-38500\",\n \"CVE-2021-38501\",\n \"CVE-2021-38502\",\n \"CVE-2021-38503\",\n \"CVE-2021-38504\",\n \"CVE-2021-38505\",\n \"CVE-2021-38506\",\n \"CVE-2021-38507\",\n \"CVE-2021-38508\",\n \"CVE-2021-38509\",\n \"CVE-2021-38510\",\n \"CVE-2021-40529\",\n \"CVE-2021-43528\",\n \"CVE-2021-43536\",\n \"CVE-2021-43537\",\n \"CVE-2021-43538\",\n \"CVE-2021-43539\",\n \"CVE-2021-43541\",\n \"CVE-2021-43542\",\n \"CVE-2021-43543\",\n \"CVE-2021-43545\",\n \"CVE-2021-43546\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0366-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0386-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0461-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0405\");\n script_xref(name:\"IAVA\", value:\"2021-A-0527-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0569-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0450-S\");\n\n script_name(english:\"openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:1635-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1635-1 advisory.\n\n - An issue present in lowering/register allocation could have led to obscure but deterministic register\n confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability\n affects Firefox < 91 and Thunderbird < 91. (CVE-2021-29981)\n\n - Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object,\n resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and\n Thunderbird < 91. (CVE-2021-29982)\n\n - After requesting multiple permissions, and closing the first permission panel, subsequent permission\n panels will be displayed in a different position but still record a click in the default location, making\n it possible to trick a user into accepting a permission they did not want to. *This bug only affects\n Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and\n Thunderbird < 91. (CVE-2021-29987)\n\n - Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This\n allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox <\n 91.0.1 and Thunderbird < 91.0.1. (CVE-2021-29991)\n\n - crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in\n Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in\n the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks\n are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a\n logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are\n affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4. (CVE-2021-32810)\n\n - When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might\n allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug\n only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects\n Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.\n (CVE-2021-38492)\n\n - Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14,\n and Firefox < 92. (CVE-2021-38493)\n\n - Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed\n evidence of memory corruption and we presume that with enough effort some of these could have been\n exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.\n (CVE-2021-38495)\n\n - During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in\n memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15,\n Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38496)\n\n - Through use of reportValidity() and window.open(), a plain-text validation message could have been\n overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability\n affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. (CVE-2021-38497)\n\n - During process shutdown, a document could have caused a use-after-free of a languages service object,\n leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93,\n Thunderbird < 91.2, and Firefox ESR < 91.2. (CVE-2021-38498)\n\n - Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2,\n Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38500)\n\n - Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and\n Firefox ESR < 91.2. (CVE-2021-38501)\n\n - Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could\n perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated\n session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was\n configured, the MITM could obtain the authentication credentials, too. This vulnerability affects\n Thunderbird < 91.2. (CVE-2021-38502)\n\n - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass\n restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects\n Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38503)\n\n - When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-\n free could have resulted, leading to memory corruption and a potentially exploitable crash. This\n vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38504)\n\n - Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record\n data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios.\n Applications that wish to prevent copied data from being recorded in Cloud History must use specific\n clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have\n caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for\n Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability\n affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38505)\n\n - Through a series of navigations, Firefox could have entered fullscreen mode without notification or\n warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This\n vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38506)\n\n - The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded\n to TLS while retaining the visual properties of an HTTP connection, including being same-origin with\n unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port\n 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the\n browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin\n with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This\n vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38507)\n\n - By displaying a form validity message in the correct location at the same time as a permission prompt\n (such as for geolocation), the validity message could have obscured the prompt, resulting in the user\n potentially being tricked into granting the permission. This vulnerability affects Firefox < 94,\n Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38508)\n\n - Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary\n (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's\n choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.\n (CVE-2021-38509)\n\n - The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac\n OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. Other\n operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and\n Firefox ESR < 91.3. (CVE-2021-38510)\n\n - The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows\n plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous\n combination of the prime defined by the receiver's public key, the generator defined by the receiver's\n public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.\n (CVE-2021-40529)\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was\n limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to\n further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.\n (CVE-2021-43528)\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the\n target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory\n leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR <\n 91.4.0, and Firefox < 95. (CVE-2021-43537)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for\n pages that had received full screen and pointer lock access, which could have been used for spoofing\n attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43538)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC\n occurring within the call not tracing those live pointers. This could have led to a use-after-free causing\n a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0,\n and Firefox < 95. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not\n properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages\n for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and\n Firefox < 95. (CVE-2021-43542)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by\n embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and\n Firefox < 95. (CVE-2021-43543)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. This\n vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43545)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43546)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182863\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190269\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191332\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192250\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193485\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YVVRA5LXBWWHGQPQLJYZRWPCG4E2L7WQ/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5097dbc9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-32810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38495\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38498\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38501\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38502\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-40529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43546\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected MozillaThunderbird, MozillaThunderbird-translations-common and / or MozillaThunderbird-translations-\nother packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38503\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'MozillaThunderbird-91.4.0-lp152.2.52.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaThunderbird-translations-common-91.4.0-lp152.2.52.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaThunderbird-translations-other-91.4.0-lp152.2.52.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaThunderbird / MozillaThunderbird-translations-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:48:49", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:4150-1 advisory.\n\n - An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91. (CVE-2021-29981)\n\n - Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91. (CVE-2021-29982)\n\n - After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and Thunderbird < 91. (CVE-2021-29987)\n\n - Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird < 91.0.1. (CVE-2021-29991)\n\n - crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4. (CVE-2021-32810)\n\n - When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.\n (CVE-2021-38492)\n\n - Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92. (CVE-2021-38493)\n\n - Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.\n (CVE-2021-38495)\n\n - During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38496)\n\n - Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. (CVE-2021-38497)\n\n - During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. (CVE-2021-38498)\n\n - Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38500)\n\n - Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. (CVE-2021-38501)\n\n - Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2. (CVE-2021-38502)\n\n - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38503)\n\n - When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after- free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38504)\n\n - Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios.\n Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38505)\n\n - Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38506)\n\n - The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38507)\n\n - By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38508)\n\n - Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.\n (CVE-2021-38509)\n\n - The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38510)\n\n - The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.\n (CVE-2021-40529)\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.\n (CVE-2021-43528)\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43537)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43538)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43542)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43543)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43545)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43546)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-25T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:4150-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29981", "CVE-2021-29982", "CVE-2021-29987", "CVE-2021-29991", "CVE-2021-32810", "CVE-2021-38492", "CVE-2021-38493", "CVE-2021-38495", "CVE-2021-38496", "CVE-2021-38497", "CVE-2021-38498", "CVE-2021-38500", "CVE-2021-38501", "CVE-2021-38502", "CVE-2021-38503", "CVE-2021-38504", "CVE-2021-38505", "CVE-2021-38506", "CVE-2021-38507", "CVE-2021-38508", "CVE-2021-38509", "CVE-2021-38510", "CVE-2021-40529", "CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2022-03-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other", "cpe:/o:novell:opensuse:15.3", "p-cpe:/a:novell:opensuse:mozillathunderbird", "p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common"], "id": "OPENSUSE-2021-4150.NASL", "href": "https://www.tenable.com/plugins/nessus/156271", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:4150-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156271);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/17\");\n\n script_cve_id(\n \"CVE-2021-29981\",\n \"CVE-2021-29982\",\n \"CVE-2021-29987\",\n \"CVE-2021-29991\",\n \"CVE-2021-32810\",\n \"CVE-2021-38492\",\n \"CVE-2021-38493\",\n \"CVE-2021-38495\",\n \"CVE-2021-38496\",\n \"CVE-2021-38497\",\n \"CVE-2021-38498\",\n \"CVE-2021-38500\",\n \"CVE-2021-38501\",\n \"CVE-2021-38502\",\n \"CVE-2021-38503\",\n \"CVE-2021-38504\",\n \"CVE-2021-38505\",\n \"CVE-2021-38506\",\n \"CVE-2021-38507\",\n \"CVE-2021-38508\",\n \"CVE-2021-38509\",\n \"CVE-2021-38510\",\n \"CVE-2021-40529\",\n \"CVE-2021-43528\",\n \"CVE-2021-43536\",\n \"CVE-2021-43537\",\n \"CVE-2021-43538\",\n \"CVE-2021-43539\",\n \"CVE-2021-43541\",\n \"CVE-2021-43542\",\n \"CVE-2021-43543\",\n \"CVE-2021-43545\",\n \"CVE-2021-43546\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0366-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0386-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0461-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0405\");\n script_xref(name:\"IAVA\", value:\"2021-A-0527-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0569-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0450-S\");\n\n script_name(english:\"openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:4150-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:4150-1 advisory.\n\n - An issue present in lowering/register allocation could have led to obscure but deterministic register\n confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability\n affects Firefox < 91 and Thunderbird < 91. (CVE-2021-29981)\n\n - Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object,\n resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and\n Thunderbird < 91. (CVE-2021-29982)\n\n - After requesting multiple permissions, and closing the first permission panel, subsequent permission\n panels will be displayed in a different position but still record a click in the default location, making\n it possible to trick a user into accepting a permission they did not want to. *This bug only affects\n Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and\n Thunderbird < 91. (CVE-2021-29987)\n\n - Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This\n allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox <\n 91.0.1 and Thunderbird < 91.0.1. (CVE-2021-29991)\n\n - crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in\n Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in\n the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks\n are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a\n logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are\n affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4. (CVE-2021-32810)\n\n - When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might\n allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug\n only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects\n Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.\n (CVE-2021-38492)\n\n - Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14,\n and Firefox < 92. (CVE-2021-38493)\n\n - Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed\n evidence of memory corruption and we presume that with enough effort some of these could have been\n exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.\n (CVE-2021-38495)\n\n - During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in\n memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15,\n Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38496)\n\n - Through use of reportValidity() and window.open(), a plain-text validation message could have been\n overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability\n affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. (CVE-2021-38497)\n\n - During process shutdown, a document could have caused a use-after-free of a languages service object,\n leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93,\n Thunderbird < 91.2, and Firefox ESR < 91.2. (CVE-2021-38498)\n\n - Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2,\n Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38500)\n\n - Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and\n Firefox ESR < 91.2. (CVE-2021-38501)\n\n - Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could\n perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated\n session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was\n configured, the MITM could obtain the authentication credentials, too. This vulnerability affects\n Thunderbird < 91.2. (CVE-2021-38502)\n\n - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass\n restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects\n Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38503)\n\n - When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-\n free could have resulted, leading to memory corruption and a potentially exploitable crash. This\n vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38504)\n\n - Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record\n data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios.\n Applications that wish to prevent copied data from being recorded in Cloud History must use specific\n clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have\n caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for\n Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability\n affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38505)\n\n - Through a series of navigations, Firefox could have entered fullscreen mode without notification or\n warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This\n vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38506)\n\n - The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded\n to TLS while retaining the visual properties of an HTTP connection, including being same-origin with\n unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port\n 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the\n browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin\n with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This\n vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38507)\n\n - By displaying a form validity message in the correct location at the same time as a permission prompt\n (such as for geolocation), the validity message could have obscured the prompt, resulting in the user\n potentially being tricked into granting the permission. This vulnerability affects Firefox < 94,\n Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38508)\n\n - Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary\n (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's\n choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.\n (CVE-2021-38509)\n\n - The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac\n OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. Other\n operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and\n Firefox ESR < 91.3. (CVE-2021-38510)\n\n - The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows\n plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous\n combination of the prime defined by the receiver's public key, the generator defined by the receiver's\n public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.\n (CVE-2021-40529)\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was\n limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to\n further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.\n (CVE-2021-43528)\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the\n target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory\n leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR <\n 91.4.0, and Firefox < 95. (CVE-2021-43537)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for\n pages that had received full screen and pointer lock access, which could have been used for spoofing\n attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43538)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC\n occurring within the call not tracing those live pointers. This could have led to a use-after-free causing\n a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0,\n and Firefox < 95. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not\n properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages\n for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and\n Firefox < 95. (CVE-2021-43542)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by\n embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and\n Firefox < 95. (CVE-2021-43543)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. This\n vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43545)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43546)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182863\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190269\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191332\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192250\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193485\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OQOGFW6JISWI3PQR7AHD3OEX3SPELMFB/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dfbe5c04\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-32810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38495\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38498\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38501\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38502\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-40529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43546\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected MozillaThunderbird, MozillaThunderbird-translations-common and / or MozillaThunderbird-translations-\nother packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38503\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'MozillaThunderbird-91.4.0-8.45.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaThunderbird-translations-common-91.4.0-8.45.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'MozillaThunderbird-translations-other-91.4.0-8.45.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaThunderbird / MozillaThunderbird-translations-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:47:46", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4150-1 advisory.\n\n - An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91. (CVE-2021-29981)\n\n - Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91. (CVE-2021-29982)\n\n - After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and Thunderbird < 91. (CVE-2021-29987)\n\n - Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird < 91.0.1. (CVE-2021-29991)\n\n - crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4. (CVE-2021-32810)\n\n - When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.\n (CVE-2021-38492)\n\n - Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92. (CVE-2021-38493)\n\n - Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.\n (CVE-2021-38495)\n\n - During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38496)\n\n - Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. (CVE-2021-38497)\n\n - During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. (CVE-2021-38498)\n\n - Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38500)\n\n - Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. (CVE-2021-38501)\n\n - Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2. (CVE-2021-38502)\n\n - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38503)\n\n - When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after- free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38504)\n\n - Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios.\n Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38505)\n\n - Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38506)\n\n - The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38507)\n\n - By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38508)\n\n - Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.\n (CVE-2021-38509)\n\n - The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38510)\n\n - The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.\n (CVE-2021-40529)\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.\n (CVE-2021-43528)\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43537)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43538)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43542)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43543)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43545)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43546)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-25T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2021:4150-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29981", "CVE-2021-29982", "CVE-2021-29987", "CVE-2021-29991", "CVE-2021-32810", "CVE-2021-38492", "CVE-2021-38493", "CVE-2021-38495", "CVE-2021-38496", "CVE-2021-38497", "CVE-2021-38498", "CVE-2021-38500", "CVE-2021-38501", "CVE-2021-38502", "CVE-2021-38503", "CVE-2021-38504", "CVE-2021-38505", "CVE-2021-38506", "CVE-2021-38507", "CVE-2021-38508", "CVE-2021-38509", "CVE-2021-38510", "CVE-2021-40529", "CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mozillathunderbird", "p-cpe:/a:novell:suse_linux:mozillathunderbird-translations-common", "p-cpe:/a:novell:suse_linux:mozillathunderbird-translations-other", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-4150-1.NASL", "href": "https://www.tenable.com/plugins/nessus/156292", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:4150-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156292);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\n \"CVE-2021-29981\",\n \"CVE-2021-29982\",\n \"CVE-2021-29987\",\n \"CVE-2021-29991\",\n \"CVE-2021-32810\",\n \"CVE-2021-38492\",\n \"CVE-2021-38493\",\n \"CVE-2021-38495\",\n \"CVE-2021-38496\",\n \"CVE-2021-38497\",\n \"CVE-2021-38498\",\n \"CVE-2021-38500\",\n \"CVE-2021-38501\",\n \"CVE-2021-38502\",\n \"CVE-2021-38503\",\n \"CVE-2021-38504\",\n \"CVE-2021-38505\",\n \"CVE-2021-38506\",\n \"CVE-2021-38507\",\n \"CVE-2021-38508\",\n \"CVE-2021-38509\",\n \"CVE-2021-38510\",\n \"CVE-2021-40529\",\n \"CVE-2021-43528\",\n \"CVE-2021-43536\",\n \"CVE-2021-43537\",\n \"CVE-2021-43538\",\n \"CVE-2021-43539\",\n \"CVE-2021-43541\",\n \"CVE-2021-43542\",\n \"CVE-2021-43543\",\n \"CVE-2021-43545\",\n \"CVE-2021-43546\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0405\");\n script_xref(name:\"IAVA\", value:\"2021-A-0366-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0386-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0527-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0569-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0450-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0461-S\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:4150-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2021:4150-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:4150-1 advisory.\n\n - An issue present in lowering/register allocation could have led to obscure but deterministic register\n confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability\n affects Firefox < 91 and Thunderbird < 91. (CVE-2021-29981)\n\n - Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object,\n resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and\n Thunderbird < 91. (CVE-2021-29982)\n\n - After requesting multiple permissions, and closing the first permission panel, subsequent permission\n panels will be displayed in a different position but still record a click in the default location, making\n it possible to trick a user into accepting a permission they did not want to. *This bug only affects\n Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and\n Thunderbird < 91. (CVE-2021-29987)\n\n - Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This\n allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox <\n 91.0.1 and Thunderbird < 91.0.1. (CVE-2021-29991)\n\n - crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in\n Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in\n the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks\n are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a\n logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are\n affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4. (CVE-2021-32810)\n\n - When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might\n allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug\n only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects\n Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.\n (CVE-2021-38492)\n\n - Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14,\n and Firefox < 92. (CVE-2021-38493)\n\n - Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed\n evidence of memory corruption and we presume that with enough effort some of these could have been\n exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.\n (CVE-2021-38495)\n\n - During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in\n memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15,\n Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38496)\n\n - Through use of reportValidity() and window.open(), a plain-text validation message could have been\n overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability\n affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. (CVE-2021-38497)\n\n - During process shutdown, a document could have caused a use-after-free of a languages service object,\n leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93,\n Thunderbird < 91.2, and Firefox ESR < 91.2. (CVE-2021-38498)\n\n - Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2,\n Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38500)\n\n - Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and\n Firefox ESR < 91.2. (CVE-2021-38501)\n\n - Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could\n perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated\n session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was\n configured, the MITM could obtain the authentication credentials, too. This vulnerability affects\n Thunderbird < 91.2. (CVE-2021-38502)\n\n - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass\n restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects\n Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38503)\n\n - When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-\n free could have resulted, leading to memory corruption and a potentially exploitable crash. This\n vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38504)\n\n - Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record\n data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios.\n Applications that wish to prevent copied data from being recorded in Cloud History must use specific\n clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have\n caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for\n Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability\n affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38505)\n\n - Through a series of navigations, Firefox could have entered fullscreen mode without notification or\n warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This\n vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38506)\n\n - The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded\n to TLS while retaining the visual properties of an HTTP connection, including being same-origin with\n unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port\n 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the\n browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin\n with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This\n vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38507)\n\n - By displaying a form validity message in the correct location at the same time as a permission prompt\n (such as for geolocation), the validity message could have obscured the prompt, resulting in the user\n potentially being tricked into granting the permission. This vulnerability affects Firefox < 94,\n Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38508)\n\n - Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary\n (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's\n choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.\n (CVE-2021-38509)\n\n - The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac\n OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. Other\n operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and\n Firefox ESR < 91.3. (CVE-2021-38510)\n\n - The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows\n plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous\n combination of the prime defined by the receiver's public key, the generator defined by the receiver's\n public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.\n (CVE-2021-40529)\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was\n limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to\n further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.\n (CVE-2021-43528)\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the\n target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory\n leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR <\n 91.4.0, and Firefox < 95. (CVE-2021-43537)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for\n pages that had received full screen and pointer lock access, which could have been used for spoofing\n attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43538)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC\n occurring within the call not tracing those live pointers. This could have led to a use-after-free causing\n a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0,\n and Firefox < 95. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not\n properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages\n for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and\n Firefox < 95. (CVE-2021-43542)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by\n embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and\n Firefox < 95. (CVE-2021-43543)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. This\n vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43545)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43546)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182863\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190269\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191332\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192250\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-32810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38495\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38498\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38501\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38502\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-40529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43546\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-December/009928.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d27d716f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected MozillaThunderbird, MozillaThunderbird-translations-common and / or MozillaThunderbird-translations-\nother packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38503\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'MozillaThunderbird-91.4.0-8.45.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'MozillaThunderbird-91.4.0-8.45.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'MozillaThunderbird-translations-common-91.4.0-8.45.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'MozillaThunderbird-translations-common-91.4.0-8.45.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'MozillaThunderbird-translations-other-91.4.0-8.45.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'MozillaThunderbird-translations-other-91.4.0-8.45.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'MozillaThunderbird-91.4.0-8.45.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'MozillaThunderbird-91.4.0-8.45.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'MozillaThunderbird-translations-common-91.4.0-8.45.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'MozillaThunderbird-translations-common-91.4.0-8.45.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'MozillaThunderbird-translations-other-91.4.0-8.45.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'MozillaThunderbird-translations-other-91.4.0-8.45.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-we-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaThunderbird / MozillaThunderbird-translations-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-25T14:46:51", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5248-1 advisory.\n\n - An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91. (CVE-2021-29981)\n\n - Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91. (CVE-2021-29982)\n\n - After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and Thunderbird < 91. (CVE-2021-29987)\n\n - Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird < 91.0.1. (CVE-2021-29991)\n\n - Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.\n (CVE-2021-38495)\n\n - During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38496)\n\n - Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. (CVE-2021-38497)\n\n - During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. (CVE-2021-38498)\n\n - Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38500)\n\n - Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. (CVE-2021-38501)\n\n - Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2. (CVE-2021-38502)\n\n - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38503)\n\n - When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after- free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38504)\n\n - Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38506)\n\n - The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38507)\n\n - By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38508)\n\n - Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.\n (CVE-2021-38509)\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.\n (CVE-2021-43528)\n\n - Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-43534)\n\n - A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-43535)\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43537)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43538)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43542)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43543)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43545)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43546)\n\n - The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces and digits. The known affected products are Element Web And SchildiChat Web. (CVE-2021-44538)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-22T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Thunderbird vulnerabilities (USN-5248-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29981", "CVE-2021-29982", "CVE-2021-29987", "CVE-2021-29991", "CVE-2021-38495", "CVE-2021-38496", "CVE-2021-38497", "CVE-2021-38498", "CVE-2021-38500", "CVE-2021-38501", "CVE-2021-38502", "CVE-2021-38503", "CVE-2021-38504", "CVE-2021-38506", "CVE-2021-38507", "CVE-2021-38508", "CVE-2021-38509", "CVE-2021-4126", "CVE-2021-4129", "CVE-2021-4140", "CVE-2021-43528", "CVE-2021-43534", "CVE-2021-43535", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546", "CVE-2021-44538", "CVE-2022-22737", "CVE-2022-22738", "CVE-2022-22739", "CVE-2022-22740", "CVE-2022-22741", "CVE-2022-22742", "CVE-2022-22743", "CVE-2022-22745", "CVE-2022-22747", "CVE-2022-22748", "CVE-2022-22751"], "modified": "2023-07-10T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:thunderbird", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-dev", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-gnome-support", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-af", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ar", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ast", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-be", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bg", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn-bd", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-br", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ca", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cak", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cs", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cy", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-da", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-de", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-dsb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-el", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-gb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-us", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-ar", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-es", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-et", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-eu", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fa", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fi", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy-nl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga-ie", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gd", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-he", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hsb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hu", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hy", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-id", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-is", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-it", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ja", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ka", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kab", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ko", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-lt", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-lv", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-mk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ms", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb-no", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn-no", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa-in", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-br", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-pt", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-rm", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ro", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ru", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-si", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sl", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sq", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv-se", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta-lk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-th", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-tr", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uk", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uz", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-vi", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-cn", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hans", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hant", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-tw", "p-cpe:/a:canonical:ubuntu_linux:thunderbird-mozsymbols", "p-cpe:/a:canonical:ubuntu_linux:xul-ext-calendar-timezones", "p-cpe:/a:canonical:ubuntu_linux:xul-ext-gdata-provider", "p-cpe:/a:canonical:ubuntu_linux:xul-ext-lightning"], "id": "UBUNTU_USN-5248-1.NASL", "href": "https://www.tenable.com/plugins/nessus/156961", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5248-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156961);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/10\");\n\n script_cve_id(\n \"CVE-2021-4126\",\n \"CVE-2021-4129\",\n \"CVE-2021-4140\",\n \"CVE-2021-29981\",\n \"CVE-2021-29982\",\n \"CVE-2021-29987\",\n \"CVE-2021-29991\",\n \"CVE-2021-38495\",\n \"CVE-2021-38496\",\n \"CVE-2021-38497\",\n \"CVE-2021-38498\",\n \"CVE-2021-38500\",\n \"CVE-2021-38501\",\n \"CVE-2021-38502\",\n \"CVE-2021-38503\",\n \"CVE-2021-38504\",\n \"CVE-2021-38506\",\n \"CVE-2021-38507\",\n \"CVE-2021-38508\",\n \"CVE-2021-38509\",\n \"CVE-2021-43528\",\n \"CVE-2021-43534\",\n \"CVE-2021-43535\",\n \"CVE-2021-43536\",\n \"CVE-2021-43537\",\n \"CVE-2021-43538\",\n \"CVE-2021-43539\",\n \"CVE-2021-43541\",\n \"CVE-2021-43542\",\n \"CVE-2021-43543\",\n \"CVE-2021-43545\",\n \"CVE-2021-43546\",\n \"CVE-2021-44538\",\n \"CVE-2022-22737\",\n \"CVE-2022-22738\",\n \"CVE-2022-22739\",\n \"CVE-2022-22740\",\n \"CVE-2022-22741\",\n \"CVE-2022-22742\",\n \"CVE-2022-22743\",\n \"CVE-2022-22745\",\n \"CVE-2022-22747\",\n \"CVE-2022-22748\",\n \"CVE-2022-22751\"\n );\n script_xref(name:\"USN\", value:\"5248-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0603-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0366-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0386-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0405\");\n script_xref(name:\"IAVA\", value:\"2021-A-0450-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0461-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0527-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0569-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0017-S\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Thunderbird vulnerabilities (USN-5248-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5248-1 advisory.\n\n - An issue present in lowering/register allocation could have led to obscure but deterministic register\n confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability\n affects Firefox < 91 and Thunderbird < 91. (CVE-2021-29981)\n\n - Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object,\n resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and\n Thunderbird < 91. (CVE-2021-29982)\n\n - After requesting multiple permissions, and closing the first permission panel, subsequent permission\n panels will be displayed in a different position but still record a click in the default location, making\n it possible to trick a user into accepting a permission they did not want to. *This bug only affects\n Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and\n Thunderbird < 91. (CVE-2021-29987)\n\n - Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This\n allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox <\n 91.0.1 and Thunderbird < 91.0.1. (CVE-2021-29991)\n\n - Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed\n evidence of memory corruption and we presume that with enough effort some of these could have been\n exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.\n (CVE-2021-38495)\n\n - During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in\n memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15,\n Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38496)\n\n - Through use of reportValidity() and window.open(), a plain-text validation message could have been\n overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability\n affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. (CVE-2021-38497)\n\n - During process shutdown, a document could have caused a use-after-free of a languages service object,\n leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93,\n Thunderbird < 91.2, and Firefox ESR < 91.2. (CVE-2021-38498)\n\n - Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2,\n Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. (CVE-2021-38500)\n\n - Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and\n Firefox ESR < 91.2. (CVE-2021-38501)\n\n - Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could\n perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated\n session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was\n configured, the MITM could obtain the authentication credentials, too. This vulnerability affects\n Thunderbird < 91.2. (CVE-2021-38502)\n\n - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass\n restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects\n Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38503)\n\n - When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-\n free could have resulted, leading to memory corruption and a potentially exploitable crash. This\n vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38504)\n\n - Through a series of navigations, Firefox could have entered fullscreen mode without notification or\n warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This\n vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38506)\n\n - The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded\n to TLS while retaining the visual properties of an HTTP connection, including being same-origin with\n unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port\n 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the\n browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin\n with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This\n vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38507)\n\n - By displaying a form validity message in the correct location at the same time as a permission prompt\n (such as for geolocation), the validity message could have obscured the prompt, resulting in the user\n potentially being tricked into granting the permission. This vulnerability affects Firefox < 94,\n Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-38508)\n\n - Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary\n (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's\n choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.\n (CVE-2021-38509)\n\n - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was\n limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to\n further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.\n (CVE-2021-43528)\n\n - Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR\n 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some\n of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94,\n Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-43534)\n\n - A use-after-free could have occured when an HTTP2 session object was released on a different thread,\n leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93,\n Thunderbird < 91.3, and Firefox ESR < 91.3. (CVE-2021-43535)\n\n - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the\n target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43536)\n\n - An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory\n leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR <\n 91.4.0, and Firefox < 95. (CVE-2021-43537)\n\n - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for\n pages that had received full screen and pointer lock access, which could have been used for spoofing\n attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43538)\n\n - Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC\n occurring within the call not tracing those live pointers. This could have led to a use-after-free causing\n a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0,\n and Firefox < 95. (CVE-2021-43539)\n\n - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not\n properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.\n (CVE-2021-43541)\n\n - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages\n for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and\n Firefox < 95. (CVE-2021-43542)\n\n - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by\n embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and\n Firefox < 95. (CVE-2021-43543)\n\n - Using the Location API in a loop could have caused severe application hangs and crashes. This\n vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43545)\n\n - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\n This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. (CVE-2021-43546)\n\n - The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The\n Olm session object represents a cryptographic channel between two parties. Therefore, its state is\n partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of\n messages to manipulate the state of the receiver's session in such a way that, for some buffer sizes, a\n buffer overflow happens on a call to olm_session_describe. Furthermore, safe buffer sizes were\n undocumented. The overflow content is partially controllable by the attacker and limited to ASCII spaces\n and digits. The known affected products are Element Web And SchildiChat Web. (CVE-2021-44538)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5248-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44538\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-4140\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-gnome-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ast\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-bn-bd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-dsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-gb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-en-us\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-es-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-fy-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ga-ie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hsb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-hy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-kk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-mk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nb-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-nn-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pa-in\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-pt-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-si\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-sv-se\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-ta-lk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-uz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hans\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-hant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-locale-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird-mozsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xul-ext-calendar-timezones\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xul-ext-gdata-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xul-ext-lightning\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'thunderbird', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-dev', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-gnome-support', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-af', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ar', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ast', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-be', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-bg', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-bn', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-bn-bd', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-br', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ca', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-cak', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-cs', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-cy', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-da', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-de', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-dsb', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-el', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-en', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-en-gb', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-en-us', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-es', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-es-ar', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-es-es', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-et', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-eu', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-fa', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-fi', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-fr', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-fy', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-fy-nl', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ga', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ga-ie', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-gd', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-gl', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-he', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-hr', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-hsb', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-hu', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-hy', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-id', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-is', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-it', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ja', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ka', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-kab', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-kk', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ko', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-lt', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-lv', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-mk', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ms', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-nb', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-nb-no', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-nl', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-nn', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-nn-no', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-pa', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-pa-in', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-pl', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-pt', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-pt-br', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-pt-pt', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-rm', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ro', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ru', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-si', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-sk', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-sl', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-sq', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-sr', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-sv', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-sv-se', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ta', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-ta-lk', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-th', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-tr', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-uk', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-uz', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-vi', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-zh-cn', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-zh-hans', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-zh-hant', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-locale-zh-tw', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'thunderbird-mozsymbols', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'xul-ext-calendar-timezones', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'xul-ext-gdata-provider', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'xul-ext-lightning', 'pkgver': '1:91.5.0+build1-0ubuntu0.18.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-dev', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-gnome-support', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-af', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ar', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ast', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-be', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-bg', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-bn', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-bn-bd', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-br', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ca', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-cak', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-cs', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-cy', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-da', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-de', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-dsb', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-el', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-en', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-en-gb', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-en-us', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-es', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-es-ar', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-es-es', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-et', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-eu', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-fa', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-fi', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-fr', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-fy', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-fy-nl', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ga', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ga-ie', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-gd', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-gl', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-he', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-hr', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-hsb', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-hu', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-hy', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-id', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-is', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-it', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ja', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ka', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-kab', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-kk', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ko', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-lt', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-lv', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-mk', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ms', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-nb', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-nb-no', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-nl', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-nn', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-nn-no', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-pa', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-pa-in', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-pl', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-pt', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-pt-br', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-pt-pt', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-rm', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ro', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ru', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-si', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-sk', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-sl', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-sq', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-sr', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-sv', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-sv-se', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ta', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-ta-lk', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-th', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-tr', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-uk', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-uz', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-vi', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-zh-cn', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-zh-hans', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-zh-hant', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-locale-zh-tw', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'thunderbird-mozsymbols', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'xul-ext-calendar-timezones', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'xul-ext-gdata-provider', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'xul-ext-lightning', 'pkgver': '1:91.5.0+build1-0ubuntu0.20.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird / thunderbird-dev / thunderbird-gnome-support / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-01T19:42:25", "description": "The remote host is affected by the vulnerability described in GLSA-202208-14 (Mozilla Thunderbird: Multiple Vulnerabilities)\n\n - Please review the referenced CVE identifiers for details. (CVE-2021-29967, CVE-2021-29969, CVE-2021-29970, CVE-2021-29976, CVE-2021-29980, CVE-2021-29984, CVE-2021-29985, CVE-2021-29986, CVE-2021-29988, CVE-2021-29989, CVE-2021-30547, CVE-2021-38492, CVE-2021-38493, CVE-2021-38495, CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509, CVE-2021-40529, CVE-2021-4129, CVE-2021-4140, CVE-2021-43528, CVE-2021-43529, CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546, CVE-2022-0566, CVE-2022-1196, CVE-2022-1197, CVE-2022-1520, CVE-2022-1529, CVE-2022-1802, CVE-2022-1834, CVE-2022-2200, CVE-2022-2226, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751, CVE-2022-22754, CVE-2022-22756, CVE-2022-22759, CVE-2022-22760, CVE-2022-22761, CVE-2022-22763, CVE-2022-22764, CVE-2022-24713, CVE-2022-26381, CVE-2022-26383, CVE-2022-26384, CVE-2022-26386, CVE-2022-26387, CVE-2022-26485, CVE-2022-26486, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289, CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29913, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917, CVE-2022-31736, CVE-2022-31737, CVE-2022-31738, CVE-2022-31740, CVE-2022-31741, CVE-2022-31742, CVE-2022-31747, CVE-2022-34468, CVE-2022-34470, CVE-2022-34472, CVE-2022-34478, CVE-2022-34479, CVE-2022-34481, CVE-2022-34484, CVE-2022-36318, CVE-2022-36319)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "GLSA-202208-14 : Mozilla Thunderbird: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-29967", "CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-29980", "CVE-2021-29984", "CVE-2021-29985", "CVE-2021-29986", "CVE-2021-29988", "CVE-2021-29989", "CVE-2021-30547", "CVE-2021-38492", "CVE-2021-38493", "CVE-2021-38495", "CVE-2021-38503", "CVE-2021-38504", "CVE-2021-38506", "CVE-2021-38507", "CVE-2021-38508", "CVE-2021-38509", "CVE-2021-40529", "CVE-2021-4129", "CVE-2021-4140", "CVE-2021-43528", "CVE-2021-43529", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546", "CVE-2022-0566", "CVE-2022-1196", "CVE-2022-1197", "CVE-2022-1520", "CVE-2022-1529", "CVE-2022-1802", "CVE-2022-1834", "CVE-2022-2200", "CVE-2022-2226", "CVE-2022-22737", "CVE-2022-22738", "CVE-2022-22739", "CVE-2022-22740", "CVE-2022-22741", "CVE-2022-22742", "CVE-2022-22743", "CVE-2022-22745", "CVE-2022-22747", "CVE-2022-22748", "CVE-2022-22751", "CVE-2022-22754", "CVE-2022-22756", "CVE-2022-22759", "CVE-2022-22760", "CVE-2022-22761", "CVE-2022-22763", "CVE-2022-22764", "CVE-2022-24713", "CVE-2022-26381", "CVE-2022-26383", "CVE-2022-26384", "CVE-2022-26386", "CVE-2022-26387", "CVE-2022-26485", "CVE-2022-26486", "CVE-2022-28281", "CVE-2022-28282", "CVE-2022-28285", "CVE-2022-28286", "CVE-2022-28289", "CVE-2022-29909", "CVE-2022-29911", "CVE-2022-29912", "CVE-2022-29913", "CVE-2022-29914", "CVE-2022-29916", "CVE-2022-29917", "CVE-2022-31736", "CVE-2022-31737", "CVE-2022-31738", "CVE-2022-31740", "CVE-2022-31741", "CVE-2022-31742", "CVE-2022-31747", "CVE-2022-34468", "CVE-2022-34470", "CVE-2022-34472", "CVE-2022-34478", "CVE-2022-34479", "CVE-2022-34481", "CVE-2022-34484", "CVE-2022-36318", "CVE-2022-36319"], "modified": "2022-08-10T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:thunderbird", "p-cpe:/a:gentoo:linux:thunderbird-bin", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202208-14.NASL", "href": "https://www.tenable.com/plugins/nessus/163986", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202208-14.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163986);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/10\");\n\n script_cve_id(\n \"CVE-2021-4129\",\n \"CVE-2021-4140\",\n \"CVE-2021-29967\",\n \"CVE-2021-29969\",\n \"CVE-2021-29970\",\n \"CVE-2021-29976\",\n \"CVE-2021-29980\",\n \"CVE-2021-29984\",\n \"CVE-2021-29985\",\n \"CVE-2021-29986\",\n \"CVE-2021-29988\",\n \"CVE-2021-29989\",\n \"CVE-2021-30547\",\n \"CVE-2021-38492\",\n \"CVE-2021-38493\",\n \"CVE-2021-38495\",\n \"CVE-2021-38503\",\n \"CVE-2021-38504\",\n \"CVE-2021-38506\",\n \"CVE-2021-38507\",\n \"CVE-2021-38508\",\n \"CVE-2021-38509\",\n \"CVE-2021-40529\",\n \"CVE-2021-43528\",\n \"CVE-2021-43529\",\n \"CVE-2021-43536\",\n \"CVE-2021-43537\",\n \"CVE-2021-43538\",\n \"CVE-2021-43539\",\n \"CVE-2021-43541\",\n \"CVE-2021-43542\",\n \"CVE-2021-43543\",\n \"CVE-2021-43545\",\n \"CVE-2021-43546\",\n \"CVE-2022-0566\",\n \"CVE-2022-1196\",\n \"CVE-2022-1197\",\n \"CVE-2022-1520\",\n \"CVE-2022-1529\",\n \"CVE-2022-1802\",\n \"CVE-2022-1834\",\n \"CVE-2022-2200\",\n \"CVE-2022-2226\",\n \"CVE-2022-22737\",\n \"CVE-2022-22738\",\n \"CVE-2022-22739\",\n \"CVE-2022-22740\",\n \"CVE-2022-22741\",\n \"CVE-2022-22742\",\n \"CVE-2022-22743\",\n \"CVE-2022-22745\",\n \"CVE-2022-22747\",\n \"CVE-2022-22748\",\n \"CVE-2022-22751\",\n \"CVE-2022-22754\",\n \"CVE-2022-22756\",\n \"CVE-2022-22759\",\n \"CVE-2022-22760\",\n \"CVE-2022-22761\",\n \"CVE-2022-22763\",\n \"CVE-2022-22764\",\n \"CVE-2022-24713\",\n \"CVE-2022-26381\",\n \"CVE-2022-26383\",\n \"CVE-2022-26384\",\n \"CVE-2022-26386\",\n \"CVE-2022-26387\",\n \"CVE-2022-26485\",\n \"CVE-2022-26486\",\n \"CVE-2022-28281\",\n \"CVE-2022-28282\",\n \"CVE-2022-28285\",\n \"CVE-2022-28286\",\n \"CVE-2022-28289\",\n \"CVE-2022-29909\",\n \"CVE-2022-29911\",\n \"CVE-2022-29912\",\n \"CVE-2022-29913\",\n \"CVE-2022-29914\",\n \"CVE-2022-29916\",\n \"CVE-2022-29917\",\n \"CVE-2022-31736\",\n \"CVE-2022-31737\",\n \"CVE-2022-31738\",\n \"CVE-2022-31740\",\n \"CVE-2022-31741\",\n \"CVE-2022-31742\",\n \"CVE-2022-31747\",\n \"CVE-2022-34468\",\n \"CVE-2022-34470\",\n \"CVE-2022-34472\",\n \"CVE-2022-34478\",\n \"CVE-2022-34479\",\n \"CVE-2022-34481\",\n \"CVE-2022-34484\",\n \"CVE-2022-36318\",\n \"CVE-2022-36319\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/21\");\n\n script_name(english:\"GLSA-202208-14 : Mozilla Thunderbird: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202208-14 (Mozilla Thunderbird: Multiple\nVulnerabilities)\n\n - Please review the referenced CVE identifiers for details. (CVE-2021-29967, CVE-2021-29969,\n CVE-2021-29970, CVE-2021-29976, CVE-2021-29980, CVE-2021-29984, CVE-2021-29985, CVE-2021-29986,\n CVE-2021-29988, CVE-2021-29989, CVE-2021-30547, CVE-2021-38492, CVE-2021-38493, CVE-2021-38495,\n CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509,\n CVE-2021-40529, CVE-2021-4129, CVE-2021-4140, CVE-2021-43528, CVE-2021-43529, CVE-2021-43536,\n CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543,\n CVE-2021-43545, CVE-2021-43546, CVE-2022-0566, CVE-2022-1196, CVE-2022-1197, CVE-2022-1520, CVE-2022-1529,\n CVE-2022-1802, CVE-2022-1834, CVE-2022-2200, CVE-2022-2226, CVE-2022-22737, CVE-2022-22738,\n CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22745,\n CVE-2022-22747, CVE-2022-22748, CVE-2022-22751, CVE-2022-22754, CVE-2022-22756, CVE-2022-22759,\n CVE-2022-22760, CVE-2022-22761, CVE-2022-22763, CVE-2022-22764, CVE-2022-24713, CVE-2022-26381,\n CVE-2022-26383, CVE-2022-26384, CVE-2022-26386, CVE-2022-26387, CVE-2022-26485, CVE-2022-26486,\n CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289, CVE-2022-29909,\n CVE-2022-29911, CVE-2022-29912, CVE-2022-29913, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917,\n CVE-2022-31736, CVE-2022-31737, CVE-2022-31738, CVE-2022-31740, CVE-2022-31741, CVE-2022-31742,\n CVE-2022-31747, CVE-2022-34468, CVE-2022-34470, CVE-2022-34472, CVE-2022-34478, CVE-2022-34479,\n CVE-2022-34481, CVE-2022-34484, CVE-2022-36318, CVE-2022-36319)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202208-14\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=794085\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=802759\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=807943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=811912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=813501\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=822294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=828539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=831040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=833520\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=834805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=845057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=846596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=849047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=857048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=864577\");\n script_set_attribute(attribute:\"solution\", value:\n\"All Mozilla Thunderbird users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=mail-client/thunderbird-91.12.0\n \nAll Mozilla Thunderbird binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=mail-client/thunderbird-bin-91.12.0\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-36319\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:thunderbird-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : \"mail-client/thunderbird\",\n 'unaffected' : make_list(\"ge 91.12.0\"),\n 'vulnerable' : make_list(\"lt 91.12.0\")\n },\n {\n 'name' : \"mail-client/thunderbird-bin\",\n 'unaffected' : make_list(\"ge 91.12.0\"),\n 'vulnerable' : make_list(\"lt 91.12.0\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Mozilla Thunderbird\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "altlinux": [{"lastseen": "2023-05-07T11:38:22", "description": "91.4.0-alt1 built Dec. 21, 2021 Andrey Cherepanov in task #291741\n\nDec. 10, 2021 Andrey Cherepanov\n \n \n - New version.\n - Security fixes:\n + CVE-2021-43536 URL leakage when navigating while executing asynchronous function\n + CVE-2021-43537 Heap buffer overflow when using structured clone\n + CVE-2021-43538 Missing fullscreen and pointer lock notification when requesting both\n + CVE-2021-43539 GC rooting failure when calling wasm instance methods\n + CVE-2021-43541 External protocol handler parameters were unescaped\n + CVE-2021-43542 XMLHttpRequest error codes could have leaked the existence of an external protocol handler\n + CVE-2021-43543 Bypass of CSP sandbox directive when embedding\n + CVE-2021-43545 Denial of Service when using the Location API in a loop\n + CVE-2021-43546 Cursor spoofing could overlay user interface when native cursor is zoomed\n + CVE-2021-43528 JavaScript unexpectedly enabled for the composition area\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-12-21T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 10 package thunderbird version 91.4.0-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2021-12-21T00:00:00", "id": "F1DDEBBEAE00405B57F1750DCAA7F44C", "href": "https://packages.altlinux.org/en/p10/srpms/thunderbird/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "almalinux": [{"lastseen": "2023-05-23T17:12:24", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 91.4.0.\n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 (BZ#2030116)\n\n* Mozilla: URL leakage when navigating while executing asynchronous function (CVE-2021-43536)\n\n* Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)\n\n* Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)\n\n* Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)\n\n* Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)\n\n* Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler (CVE-2021-43542)\n\n* Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)\n\n* Mozilla: JavaScript unexpectedly enabled for the composition area (CVE-2021-43528)\n\n* Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)\n\n* Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-12-09T12:14:59", "type": "almalinux", "title": "Important: thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2021-12-10T10:58:24", "id": "ALSA-2021:5045", "href": "https://errata.almalinux.org/8/ALSA-2021-5045.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-12-11T10:27:59", "description": "[91.4.0-2.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[91.4.0-2]\n- Update to 91.4.0 build2\n[91.4.0-1]\n- Update to 91.4.0 build1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-12-10T00:00:00", "type": "oraclelinux", "title": "thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2021-12-10T00:00:00", "id": "ELSA-2021-5045", "href": "http://linux.oracle.com/errata/ELSA-2021-5045.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-11T10:27:46", "description": "[91.4.0-3.0.1]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n[91.4.0-3]\n- Bump NVR for ppc64 build\n[91.4.0-2]\n- Update to 91.4.0 build2\n[91.4.0-1]\n- Update to 91.4.0 build1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-12-10T00:00:00", "type": "oraclelinux", "title": "thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2021-12-10T00:00:00", "id": "ELSA-2021-5046", "href": "http://linux.oracle.com/errata/ELSA-2021-5046.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "rocky": [{"lastseen": "2023-08-17T05:54:30", "description": "An update is available for thunderbird.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 91.4.0.\n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 (BZ#2030116)\n\n* Mozilla: URL leakage when navigating while executing asynchronous function (CVE-2021-43536)\n\n* Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)\n\n* Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)\n\n* Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)\n\n* Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)\n\n* Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler (CVE-2021-43542)\n\n* Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)\n\n* Mozilla: JavaScript unexpectedly enabled for the composition area (CVE-2021-43528)\n\n* Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)\n\n* Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-09T12:14:59", "type": "rocky", "title": "thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4129", "CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2021-12-09T12:14:59", "id": "RLSA-2021:5045", "href": "https://errata.rockylinux.org/RLSA-2021:5045", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2023-08-16T15:27:36", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 91.4.0.\n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 (BZ#2030116)\n\n* Mozilla: URL leakage when navigating while executing asynchronous function (CVE-2021-43536)\n\n* Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)\n\n* Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)\n\n* Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)\n\n* Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)\n\n* Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler (CVE-2021-43542)\n\n* Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)\n\n* Mozilla: JavaScript unexpectedly enabled for the composition area (CVE-2021-43528)\n\n* Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)\n\n* Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-09T12:14:59", "type": "redhat", "title": "(RHSA-2021:5045) Important: thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4129", "CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2023-01-02T15:44:47", "id": "RHSA-2021:5045", "href": "https://access.redhat.com/errata/RHSA-2021:5045", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 91.4.0.\n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 (BZ#2030116)\n\n* Mozilla: URL leakage when navigating while executing asynchronous function (CVE-2021-43536)\n\n* Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)\n\n* Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)\n\n* Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)\n\n* Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)\n\n* Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler (CVE-2021-43542)\n\n* Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)\n\n* Mozilla: JavaScript unexpectedly enabled for the composition area (CVE-2021-43528)\n\n* Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)\n\n* Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-09T12:17:30", "type": "redhat", "title": "(RHSA-2021:5048) Important: thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4129", "CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2023-01-02T15:44:35", "id": "RHSA-2021:5048", "href": "https://access.redhat.com/errata/RHSA-2021:5048", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 91.4.0.\n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 (BZ#2030116)\n\n* Mozilla: URL leakage when navigating while executing asynchronous function (CVE-2021-43536)\n\n* Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)\n\n* Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)\n\n* Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)\n\n* Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)\n\n* Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler (CVE-2021-43542)\n\n* Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)\n\n* Mozilla: JavaScript unexpectedly enabled for the composition area (CVE-2021-43528)\n\n* Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)\n\n* Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-09T12:15:00", "type": "redhat", "title": "(RHSA-2021:5046) Important: thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4129", "CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2023-01-02T15:53:53", "id": "RHSA-2021:5046", "href": "https://access.redhat.com/errata/RHSA-2021:5046", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 91.4.0.\n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 (BZ#2030116)\n\n* Mozilla: URL leakage when navigating while executing asynchronous function (CVE-2021-43536)\n\n* Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)\n\n* Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)\n\n* Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)\n\n* Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)\n\n* Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler (CVE-2021-43542)\n\n* Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)\n\n* Mozilla: JavaScript unexpectedly enabled for the composition area (CVE-2021-43528)\n\n* Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)\n\n* Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-09T12:17:29", "type": "redhat", "title": "(RHSA-2021:5047) Important: thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4129", "CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2023-01-02T15:46:25", "id": "RHSA-2021:5047", "href": "https://access.redhat.com/errata/RHSA-2021:5047", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 91.4.0.\n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 (BZ#2030116)\n\n* Mozilla: URL leakage when navigating while executing asynchronous function (CVE-2021-43536)\n\n* Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)\n\n* Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)\n\n* Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)\n\n* Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)\n\n* Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler (CVE-2021-43542)\n\n* Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)\n\n* Mozilla: JavaScript unexpectedly enabled for the composition area (CVE-2021-43528)\n\n* Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)\n\n* Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-09T14:29:47", "type": "redhat", "title": "(RHSA-2021:5055) Important: thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4129", "CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2023-01-02T15:44:36", "id": "RHSA-2021:5055", "href": "https://access.redhat.com/errata/RHSA-2021:5055", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mozilla": [{"lastseen": "2023-08-17T05:11:40", "description": "Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL.\nAn incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash.\nBy misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks.\nFailure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash.\nWhen invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped.\nUsing XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols.\nDocuments loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content.\nUsing the Location API in a loop could have caused severe application hangs and crashes.\nIt was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.\nThunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities.\nMozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Thunderbird 91.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-07T00:00:00", "type": "mozilla", "title": "Security Vulnerabilities fixed in Thunderbird 91.4.0 \u2014 Mozilla", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4129", "CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2021-12-07T00:00:00", "id": "MFSA2021-54", "href": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2023-08-17T07:18:26", "description": "Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities (CVE-2021-43528). Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL (CVE-2021-43536). An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash due to a heap buffer overflow when using structured clone (CVE-2021-43537). By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received both full screen and pointer lock access, which could have been used for spoofing attacks (CVE-2021-43538). Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash (CVE-2021-43539). When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped (CVE-2021-43541). Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols (CVE-2021-43542). Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content (CVE-2021-43543). Using the Location API in a loop could have caused severe application hangs and crashes (CVE-2021-43545). It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor (CVE-2021-43546). Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Thunderbird 91.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2021-4129). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-10T22:19:07", "type": "mageia", "title": "Updated thunderbird packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4129", "CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2021-12-10T22:19:07", "id": "MGASA-2021-0554", "href": "https://advisories.mageia.org/MGASA-2021-0554.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-07-21T08:14:43", "description": "\nMultiple security issues were discovered in Thunderbird, which could\nresult in the execution of arbitrary code, spoofing, information disclosure,\ndowngrade attacks on SMTP STARTTLS connections or misleading display of\nOpenPGP/MIME signatures.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n1:91.4.1-1~deb9u1.\n\n\nWe recommend that you upgrade your thunderbird packages.\n\n\nFor the detailed security status of thunderbird please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/thunderbird>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2022-01-04T00:00:00", "type": "osv", "title": "thunderbird - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38507", "CVE-2021-43528", "CVE-2021-38506", "CVE-2021-38504", "CVE-2021-44538", "CVE-2021-4126", "CVE-2021-38509", "CVE-2021-43534", "CVE-2021-43543", "CVE-2021-38496", "CVE-2021-43545", "CVE-2021-43542", "CVE-2021-43541", "CVE-2021-38508", "CVE-2021-43536", "CVE-2021-43538", "CVE-2021-38502", "CVE-2021-43537", "CVE-2021-43535", "CVE-2021-38503", "CVE-2021-43529", "CVE-2021-43539", "CVE-2021-38500", "CVE-2021-43546"], "modified": "2022-07-21T05:54:00", "id": "OSV:DLA-2874-1", "href": "https://osv.dev/vulnerability/DLA-2874-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2023-03-03T18:43:34", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2874-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Emilio Pozuelo Monfort\nJanuary 04, 2022 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : thunderbird\nVersion : 1:91.4.1-1~deb9u1\nCVE ID : CVE-2021-4126 CVE-2021-38496 CVE-2021-38500 CVE-2021-38502\n CVE-2021-38503 CVE-2021-38504 CVE-2021-38506 CVE-2021-38507\n CVE-2021-38508 CVE-2021-38509 CVE-2021-43528 CVE-2021-43529\n CVE-2021-43534 CVE-2021-43535 CVE-2021-43536 CVE-2021-43537\n CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542\n CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 CVE-2021-44538\n\nMultiple security issues were discovered in Thunderbird, which could\nresult in the execution of arbitrary code, spoofing, information disclosure,\ndowngrade attacks on SMTP STARTTLS connections or misleading display of\nOpenPGP/MIME signatures.\n\nFor Debian 9 stretch, these problems have been fixed in version\n1:91.4.1-1~deb9u1.\n\nWe recommend that you upgrade your thunderbird packages.\n\nFor the detailed security status of thunderbird please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/thunderbird\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-04T10:10:10", "type": "debian", "title": "[SECURITY] [DLA 2874-1] thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38496", "CVE-2021-38500", "CVE-2021-38502", "CVE-2021-38503", "CVE-2021-38504", "CVE-2021-38506", "CVE-2021-38507", "CVE-2021-38508", "CVE-2021-38509", "CVE-2021-4126", "CVE-2021-43528", "CVE-2021-43529", "CVE-2021-43534", "CVE-2021-43535", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546", "CVE-2021-44538"], "modified": "2022-01-04T10:10:10", "id": "DEBIAN:DLA-2874-1:BF771", "href": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-24T15:25:02", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5034-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 02, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : thunderbird\nCVE ID : CVE-2021-4126 CVE-2021-38496 CVE-2021-38500 CVE-2021-38502 \n CVE-2021-38503 CVE-2021-38504 CVE-2021-38506 CVE-2021-38507 \n CVE-2021-38508 CVE-2021-38509 CVE-2021-43528 CVE-2021-43529 \n CVE-2021-43534 CVE-2021-43535 CVE-2021-43536 CVE-2021-43537 \n CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 \n CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 CVE-2021-44538\n\nMultiple security issues were discovered in Thunderbird, which could\nresult in the execution of arbitrary code, spoofing, information disclosure,\ndowngrade attacks on SMTP STARTTLS connections or misleading display of\nOpenPGP/MIME signatures.\n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 1:91.4.1-1~deb10u1.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1:91.4.1-1~deb11u1.\n\nWe recommend that you upgrade your thunderbird packages.\n\nFor the detailed security status of thunderbird please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/thunderbird\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-02T17:01:50", "type": "debian", "title": "[SECURITY] [DSA 5034-1] thunderbird security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38496", "CVE-2021-38500", "CVE-2021-38502", "CVE-2021-38503", "CVE-2021-38504", "CVE-2021-38506", "CVE-2021-38507", "CVE-2021-38508", "CVE-2021-38509", "CVE-2021-4126", "CVE-2021-43528", "CVE-2021-43529", "CVE-2021-43534", "CVE-2021-43535", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546", "CVE-2021-44538"], "modified": "2022-01-02T17:01:50", "id": "DEBIAN:DSA-5034-1:D9812", "href": "https://lists.debian.org/debian-security-announce/2022/msg00000.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-08-17T07:51:18", "description": "## Releases\n\n * Ubuntu 21.10 \n\n## Packages\n\n * thunderbird \\- Mozilla Open Source mail and newsgroup client\n\nMultiple security issues were discovered in Thunderbird. If a user were \ntricked into opening a specially crafted website in a browsing context, an \nattacker could potentially exploit these to cause a denial of service, \nobtain sensitive information, conduct spoofing attacks, bypass security \nrestrictions, or execute arbitrary code. (CVE-2021-4129, CVE-2021-4140, \nCVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, \nCVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, \nCVE-2021-43656, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, \nCVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, \nCVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751)\n\nIt was discovered that JavaScript was unexpectedly enabled in the \ncomposition area. An attacker could potentially exploit this in \ncombination with another vulnerability, with unspecified impacts. \n(CVE-2021-43528)\n\nA buffer overflow was discovered in the Matrix chat library bundled with \nThunderbird. An attacker could potentially exploit this to cause a denial \nof service, or execute arbitrary code. (CVE-2021-44538)\n\nIt was discovered that Thunderbird's OpenPGP integration only considered \nthe inner signed message when checking signature validity in a message \nthat contains an additional outer MIME layer. An attacker could \npotentially exploit this to trick the user into thinking that a message \nhas a valid signature. (CVE-2021-4126)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-21T00:00:00", "type": "ubuntu", "title": "Thunderbird vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4126", "CVE-2021-4129", "CVE-2021-4140", "CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546", "CVE-2021-43656", "CVE-2021-44538", "CVE-2022-22737", "CVE-2022-22738", "CVE-2022-22739", "CVE-2022-22740", "CVE-2022-22741", "CVE-2022-22742", "CVE-2022-22743", "CVE-2022-22745", "CVE-2022-22747", "CVE-2022-22748", "CVE-2022-22751"], "modified": "2022-01-21T00:00:00", "id": "USN-5246-1", "href": "https://ubuntu.com/security/notices/USN-5246-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-17T07:51:14", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n\n## Packages\n\n * thunderbird \\- Mozilla Open Source mail and newsgroup client\n\nMultiple security issues were discovered in Thunderbird. If a user were \ntricked into opening a specially crafted website in a browsing context, an \nattacker could potentially exploit these to cause a denial of service, \nobtain sensitive information, trick a user into accepting unwanted \npermissions, conduct header splitting attacks, conduct spoofing attacks, \nbypass security restrictions, confuse the user, or execute arbitrary code. \n(CVE-2021-4129, CVE-2021-4140, CVE-2021-29981, CVE-2021-29982, \nCVE-2021-29987, CVE-2021-29991, CVE-2021-38495, CVE-2021-38496, \nCVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501, \nCVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, \nCVE-2021-38508, CVE-2021-38509, CVE-2021-43534, CVE-2021-43535, \nCVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, \nCVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, \nCVE-2021-43656, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, \nCVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, \nCVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751)\n\nIt was discovered that Thunderbird ignored the configuration to require \nSTARTTLS for an SMTP connection. A person-in-the-middle could potentially \nexploit this to perform a downgrade attack in order to intercept messages \nor take control of a session. (CVE-2021-38502)\n\nIt was discovered that JavaScript was unexpectedly enabled in the \ncomposition area. An attacker could potentially exploit this in \ncombination with another vulnerability, with unspecified impacts. \n(CVE-2021-43528)\n\nA buffer overflow was discovered in the Matrix chat library bundled with \nThunderbird. An attacker could potentially exploit this to cause a denial \nof service, or execute arbitrary code. (CVE-2021-44538)\n\nIt was discovered that Thunderbird's OpenPGP integration only considered \nthe inner signed message when checking signature validity in a message \nthat contains an additional outer MIME layer. An attacker could \npotentially exploit this to trick the user into thinking that a message \nhas a valid signature. (CVE-2021-4126)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-21T00:00:00", "type": "ubuntu", "title": "Thunderbird vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29981", "CVE-2021-29982", "CVE-2021-29987", "CVE-2021-29991", "CVE-2021-38495", "CVE-2021-38496", "CVE-2021-38497", "CVE-2021-38498", "CVE-2021-38500", "CVE-2021-38501", "CVE-2021-38502", "CVE-2021-38503", "CVE-2021-38504", "CVE-2021-38506", "CVE-2021-38507", "CVE-2021-38508", "CVE-2021-38509", "CVE-2021-4126", "CVE-2021-4129", "CVE-2021-4140", "CVE-2021-43528", "CVE-2021-43534", "CVE-2021-43535", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546", "CVE-2021-43656", "CVE-2021-44538", "CVE-2022-22737", "CVE-2022-22738", "CVE-2022-22739", "CVE-2022-22740", "CVE-2022-22741", "CVE-2022-22742", "CVE-2022-22743", "CVE-2022-22745", "CVE-2022-22747", "CVE-2022-22748", "CVE-2022-22751"], "modified": "2022-01-21T00:00:00", "id": "USN-5248-1", "href": "https://ubuntu.com/security/notices/USN-5248-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-04-18T12:39:52", "description": "An update that fixes 33 vulnerabilities is now available.\n\nDescription:\n\n This update for MozillaThunderbird fixes the following issues:\n\n - Update to version 91.4 MFSA 2021-54 (bsc#1193485)\n - CVE-2021-43536: URL leakage when navigating while executing asynchronous\n function\n - CVE-2021-43537: Heap buffer overflow when using structured clone\n - CVE-2021-43538: Missing fullscreen and pointer lock notification when\n requesting both\n - CVE-2021-43539: GC rooting failure when calling wasm instance methods\n - CVE-2021-43541: External protocol handler parameters were unescaped\n - CVE-2021-43542: XMLHttpRequest error codes could have leaked the\n existence of an external protocol handler\n - CVE-2021-43543: Bypass of CSP sandbox directive when embedding\n - CVE-2021-43545: Denial of Service when using the Location API in a loop\n - CVE-2021-43546: Cursor spoofing could overlay user interface when native\n cursor is zoomed\n - CVE-2021-43528: JavaScript unexpectedly enabled for the composition area\n\n - Update to version 91.3.2\n - CVE-2021-40529: Fixed ElGamal implementation could allow plaintext\n recovery (bsc#1190244)\n\n - Update to version 91.3 MFSA 2021-50 (bsc#1192250)\n - CVE-2021-38503: Fixed iframe sandbox rules did not apply to XSLT\n stylesheets\n - CVE-2021-38504: Fixed use-after-free in file picker dialog\n - CVE-2021-38505: Fixed Windows 10 Cloud Clipboard may have recorded\n sensitive user data\n - CVE-2021-38506: Fixed Thunderbird could be coaxed into going into\n fullscreen mode without notification or warning\n - CVE-2021-38507: Fixed opportunistic Encryption in HTTP2 could be used to\n bypass the Same-Origin-Policy on services hosted on other ports\n - CVE-2021-38508: Fixed permission Prompt could be overlaid, resulting in\n user confusion and potential spoofing\n - CVE-2021-38509: Fixed Javascript alert box could have been spoofed onto\n an arbitrary domain\n - CVE-2021-38510: Fixed Download Protections were bypassed by .inetloc\n files on Mac OS\n - Fixed plain text reformatting regression (bsc#1182863)\n\n - Update to version 91.2 MFSA 2021-47 (bsc#1191332)\n - CVE-2021-29981: Live range splitting could have led to conflicting\n assignments in the JIT\n - CVE-2021-29982: Single bit data leak due to incorrect JIT optimization\n and type confusion\n - CVE-2021-29987: Users could have been tricked into accepting unwanted\n permissions on Linux\n - CVE-2021-32810: Data race in crossbeam-deque\n - CVE-2021-38493: Memory safety bugs fixed in Thunderbird 78.14 and\n Thunderbird 91.1\n - CVE-2021-38496: Use-after-free in MessageTask\n - CVE-2021-38497: Validation message could have been overlaid on another\n origin\n - CVE-2021-38498: Use-after-free of nsLanguageAtomService object\n - CVE-2021-38500: Memory safety bugs fixed in Thunderbird 91.2\n - CVE-2021-38501: Memory safety bugs fixed in Thunderbird 91.2\n - CVE-2021-38502: Downgrade attack on SMTP STARTTLS connections\n\n - Update to version 91.1.0 MFSA 2021-41 (bsc#1190269)\n - CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet\n Explorer\n - CVE-2021-38495: Memory safety bugs fixed in Thunderbird 91.1\n\n - Update to version 91.0.1 MFSA 2021-37 (bsc#1189547)\n - CVE-2021-29991: Header Splitting possible with HTTP/3 Responses\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2021-4150=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-22T00:00:00", "type": "suse", "title": "Security update for MozillaThunderbird (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29981", "CVE-2021-29982", "CVE-2021-29987", "CVE-2021-29991", "CVE-2021-32810", "CVE-2021-38492", "CVE-2021-38493", "CVE-2021-38495", "CVE-2021-38496", "CVE-2021-38497", "CVE-2021-38498", "CVE-2021-38500", "CVE-2021-38501", "CVE-2021-38502", "CVE-2021-38503", "CVE-2021-38504", "CVE-2021-38505", "CVE-2021-38506", "CVE-2021-38507", "CVE-2021-38508", "CVE-2021-38509", "CVE-2021-38510", "CVE-2021-40529", "CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2021-12-22T00:00:00", "id": "OPENSUSE-SU-2021:4150-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OQOGFW6JISWI3PQR7AHD3OEX3SPELMFB/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:39:52", "description": "An update that fixes 33 vulnerabilities is now available.\n\nDescription:\n\n This update for MozillaThunderbird fixes the following issues:\n\n - Update to version 91.4 MFSA 2021-54 (bsc#1193485)\n - CVE-2021-43536: URL leakage when navigating while executing asynchronous\n function\n - CVE-2021-43537: Heap buffer overflow when using structured clone\n - CVE-2021-43538: Missing fullscreen and pointer lock notification when\n requesting both\n - CVE-2021-43539: GC rooting failure when calling wasm instance methods\n - CVE-2021-43541: External protocol handler parameters were unescaped\n - CVE-2021-43542: XMLHttpRequest error codes could have leaked the\n existence of an external protocol handler\n - CVE-2021-43543: Bypass of CSP sandbox directive when embedding\n - CVE-2021-43545: Denial of Service when using the Location API in a loop\n - CVE-2021-43546: Cursor spoofing could overlay user interface when native\n cursor is zoomed\n - CVE-2021-43528: JavaScript unexpectedly enabled for the composition area\n\n - Update to version 91.3.2\n - CVE-2021-40529: Fixed ElGamal implementation could allow plaintext\n recovery (bsc#1190244)\n\n - Update to version 91.3 MFSA 2021-50 (bsc#1192250)\n - CVE-2021-38503: Fixed iframe sandbox rules did not apply to XSLT\n stylesheets\n - CVE-2021-38504: Fixed use-after-free in file picker dialog\n - CVE-2021-38505: Fixed Windows 10 Cloud Clipboard may have recorded\n sensitive user data\n - CVE-2021-38506: Fixed Thunderbird could be coaxed into going into\n fullscreen mode without notification or warning\n - CVE-2021-38507: Fixed opportunistic Encryption in HTTP2 could be used to\n bypass the Same-Origin-Policy on services hosted on other ports\n - CVE-2021-38508: Fixed permission Prompt could be overlaid, resulting in\n user confusion and potential spoofing\n - CVE-2021-38509: Fixed Javascript alert box could have been spoofed onto\n an arbitrary domain\n - CVE-2021-38510: Fixed Download Protections were bypassed by .inetloc\n files on Mac OS\n - Fixed plain text reformatting regression (bsc#1182863)\n\n - Update to version 91.2 MFSA 2021-47 (bsc#1191332)\n - CVE-2021-29981: Live range splitting could have led to conflicting\n assignments in the JIT\n - CVE-2021-29982: Single bit data leak due to incorrect JIT optimization\n and type confusion\n - CVE-2021-29987: Users could have been tricked into accepting unwanted\n permissions on Linux\n - CVE-2021-32810: Data race in crossbeam-deque\n - CVE-2021-38493: Memory safety bugs fixed in Thunderbird 78.14 and\n Thunderbird 91.1\n - CVE-2021-38496: Use-after-free in MessageTask\n - CVE-2021-38497: Validation message could have been overlaid on another\n origin\n - CVE-2021-38498: Use-after-free of nsLanguageAtomService object\n - CVE-2021-38500: Memory safety bugs fixed in Thunderbird 91.2\n - CVE-2021-38501: Memory safety bugs fixed in Thunderbird 91.2\n - CVE-2021-38502: Downgrade attack on SMTP STARTTLS connections\n\n - Update to version 91.1.0 MFSA 2021-41 (bsc#1190269)\n - CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet\n Explorer\n - CVE-2021-38495: Memory safety bugs fixed in Thunderbird 91.1\n\n - Update to version 91.0.1 MFSA 2021-37 (bsc#1189547)\n - CVE-2021-29991: Header Splitting possible with HTTP/3 Responses\n\n This update was imported from the SUSE:SLE-15-SP2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-1635=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-29T00:00:00", "type": "suse", "title": "Security update for MozillaThunderbird (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29981", "CVE-2021-29982", "CVE-2021-29987", "CVE-2021-29991", "CVE-2021-32810", "CVE-2021-38492", "CVE-2021-38493", "CVE-2021-38495", "CVE-2021-38496", "CVE-2021-38497", "CVE-2021-38498", "CVE-2021-38500", "CVE-2021-38501", "CVE-2021-38502", "CVE-2021-38503", "CVE-2021-38504", "CVE-2021-38505", "CVE-2021-38506", "CVE-2021-38507", "CVE-2021-38508", "CVE-2021-38509", "CVE-2021-38510", "CVE-2021-40529", "CVE-2021-43528", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546"], "modified": "2021-12-29T00:00:00", "id": "OPENSUSE-SU-2021:1635-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YVVRA5LXBWWHGQPQLJYZRWPCG4E2L7WQ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2023-08-17T05:03:17", "description": "### Background\n\nMozilla Thunderbird is a popular open-source email client from the Mozilla project.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-91.12.0\"\n \n\nAll Mozilla Thunderbird binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-bin-91.12.0\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-08-10T00:00:00", "type": "gentoo", "title": "Mozilla Thunderbird: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29967", "CVE-2021-29969", "CVE-2021-29970", "CVE-2021-29976", "CVE-2021-29980", "CVE-2021-29984", "CVE-2021-29985", "CVE-2021-29986", "CVE-2021-29988", "CVE-2021-29989", "CVE-2021-30547", "CVE-2021-38492", "CVE-2021-38493", "CVE-2021-38495", "CVE-2021-38503", "CVE-2021-38504", "CVE-2021-38506", "CVE-2021-38507", "CVE-2021-38508", "CVE-2021-38509", "CVE-2021-40529", "CVE-2021-4129", "CVE-2021-4140", "CVE-2021-43528", "CVE-2021-43529", "CVE-2021-43536", "CVE-2021-43537", "CVE-2021-43538", "CVE-2021-43539", "CVE-2021-43541", "CVE-2021-43542", "CVE-2021-43543", "CVE-2021-43545", "CVE-2021-43546", "CVE-2022-0566", "CVE-2022-1196", "CVE-2022-1197", "CVE-2022-1520", "CVE-2022-1529", "CVE-2022-1802", "CVE-2022-1834", "CVE-2022-2200", "CVE-2022-2226", "CVE-2022-22737", "CVE-2022-22738", "CVE-2022-22739", "CVE-2022-22740", "CVE-2022-22741", "CVE-2022-22742", "CVE-2022-22743", "CVE-2022-22745", "CVE-2022-22747", "CVE-2022-22748", "CVE-2022-22751", "CVE-2022-22754", "CVE-2022-22756", "CVE-2022-22759", "CVE-2022-22760", "CVE-2022-22761", "CVE-2022-22763", "CVE-2022-22764", "CVE-2022-24713", "CVE-2022-26381", "CVE-2022-26383", "CVE-2022-26384", "CVE-2022-26386", "CVE-2022-26387", "CVE-2022-26485", "CVE-2022-26486", "CVE-2022-28281", "CVE-2022-28282", "CVE-2022-28285", "CVE-2022-28286", "CVE-2022-28289", "CVE-2022-29909", "CVE-2022-29911", "CVE-2022-29912", "CVE-2022-29913", "CVE-2022-29914", "CVE-2022-29916", "CVE-2022-29917", "CVE-2022-31736", "CVE-2022-31737", "CVE-2022-31738", "CVE-2022-31740", "CVE-2022-31741", "CVE-2022-31742", "CVE-2022-31747", "CVE-2022-34468", "CVE-2022-34470", "CVE-2022-34472", "CVE-2022-34478", "CVE-2022-34479", "CVE-2022-34481", "CVE-2022-34484", "CVE-2022-36318", "CVE-2022-36319"], "modified": "2022-08-10T00:00:00", "id": "GLSA-202208-14", "href": "https://security.gentoo.org/glsa/202208-14", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
CVE-2021-43528
