Lucene search

HistoryFeb 08, 2024 - 12:00 a.m.

CentOS 8 : thunderbird (CESA-2023:0463)

2024-02-0800:00:00

www.tenable.com

centos 8

thunderbird

vulnerabilities

mozilla

remote host

security advisory

memory safety bugs

nessus

cve-2022-46871

cve-2022-46877

cve-2023-23598

cve-2023-23599

cve-2023-23601

cve-2023-23602

cve-2023-23603

cve-2023-23605

gtk drag and drop

content security policy

websockets

webworkers

arbitrary code

7.8 High

AI Score

Confidence

High

JSON

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:0463 advisory.

Mozilla: libusrsctp library out of date (CVE-2022-46871)
Mozilla: Fullscreen notification bypass (CVE-2022-46877)
Mozilla: Arbitrary file read from GTK drag and drop on Linux (CVE-2023-23598)
Mozilla: Malicious command could be hidden in devtools output (CVE-2023-23599)
Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation (CVE-2023-23601)
Mozilla: Content Security Policy wasn’t being correctly applied to WebSockets in WebWorkers (CVE-2023-23602)
Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive (CVE-2023-23603)
Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
(CVE-2023-23605)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Red Hat Security Advisory RHSA-2023:0463. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(190185);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/08");

  script_cve_id(
    "CVE-2022-46871",
    "CVE-2022-46877",
    "CVE-2023-23598",
    "CVE-2023-23599",
    "CVE-2023-23601",
    "CVE-2023-23602",
    "CVE-2023-23603",
    "CVE-2023-23605"
  );
  script_xref(name:"IAVA", value:"2023-A-0056-S");
  script_xref(name:"RHSA", value:"2023:0463");

  script_name(english:"CentOS 8 : thunderbird (CESA-2023:0463)");

  script_set_attribute(attribute:"synopsis", value:
"The remote CentOS host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the
CESA-2023:0463 advisory.

  - Mozilla: libusrsctp library out of date (CVE-2022-46871)

  - Mozilla: Fullscreen notification bypass (CVE-2022-46877)

  - Mozilla: Arbitrary file read from GTK drag and drop on Linux (CVE-2023-23598)

  - Mozilla: Malicious command could be hidden in devtools output (CVE-2023-23599)

  - Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation (CVE-2023-23601)

  - Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
    (CVE-2023-23602)

  - Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
    (CVE-2023-23603)

  - Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of
    memory corruption and we presume that with enough effort some of these could have been exploited to run
    arbitrary code. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
    (CVE-2023-23605)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2023:0463");
  script_set_attribute(attribute:"solution", value:
"Update the affected thunderbird package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-23605");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/12/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/01/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:8-stream");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:thunderbird");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CentOS Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/CentOS/release');
if (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');
var os_ver = pregmatch(pattern: "CentOS(?: Stream)?(?: Linux)? release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');
os_ver = os_ver[1];
if ('CentOS Stream' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);

if (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);

var pkgs = [
    {'reference':'thunderbird-102.7.1-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
    {'reference':'thunderbird-102.7.1-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'CentOS-' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && _release) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');
}

VendorProductVersionCPE
centoscentos8-streamcpe:/o:centos:centos:8-stream
centoscentosthunderbirdp-cpe:/a:centos:centos:thunderbird

Vendor	Product	Version	CPE
centos	centos	8-stream	cpe:/o:centos:centos:8-stream
centos	centos	thunderbird	p-cpe:/a:centos:centos:thunderbird

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23599

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605

access.redhat.com/errata/RHSA-2023:0463

7.8 High

AI Score

Confidence

High

JSON

Related for CENTOS8_RHSA-2023-0463.NASL