Vulners
Lucene search
CentOS 7 : thunderbird (RHSA-2023:4495)
| Reporter | Title | Published | Views | Family All 585 |
|---|---|---|---|---|
 | Exploit for Improper Validation of Array Index in Rarlab Winrar | 29 Aug 202316:29 | – | githubexploit |
 | Amazon Linux 2 : thunderbird (ALAS-2023-2248) | 20 Sep 202300:00 | – | nessus |
| Amazon Linux 2 : firefox (ALASFIREFOX-2023-002) | 27 Sep 202300:00 | – | nessus |
| AlmaLinux 9 : firefox (ALSA-2023:4462) | 4 Aug 202300:00 | – | nessus |
| AlmaLinux 8 : firefox (ALSA-2023:4468) | 4 Aug 202300:00 | – | nessus |
| AlmaLinux 8 : thunderbird (ALSA-2023:4497) | 8 Aug 202300:00 | – | nessus |
| AlmaLinux 9 : thunderbird (ALSA-2023:4499) | 8 Aug 202300:00 | – | nessus |
| CentOS 7 : firefox (RHSA-2023:4461) | 9 Jan 202400:00 | – | nessus |
| Debian dla-3510 : thunderbird - security update | 31 Jul 202300:00 | – | nessus |
| Debian dla-3521 : thunderbird - security update | 8 Aug 202300:00 | – | nessus |
10
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2023:4495.
##
include('compat.inc');
if (description)
{
script_id(187751);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");
script_cve_id(
"CVE-2023-3417",
"CVE-2023-4045",
"CVE-2023-4046",
"CVE-2023-4047",
"CVE-2023-4048",
"CVE-2023-4049",
"CVE-2023-4050",
"CVE-2023-4055",
"CVE-2023-4056",
"CVE-2023-4057"
);
script_xref(name:"IAVA", value:"2023-A-0379-S");
script_xref(name:"RHSA", value:"2023:4495");
script_name(english:"CentOS 7 : thunderbird (RHSA-2023:4495)");
script_set_attribute(attribute:"synopsis", value:
"The remote CentOS Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the
RHSA-2023:4495 advisory.
- Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could
be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of
Thunderbird will strip the character and show the correct file extension. This vulnerability affects
Thunderbird < 115.0.1 and Thunderbird < 102.13.1. (CVE-2023-3417)
- Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image
data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116,
Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4045)
- In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This
resulted in incorrect compilation and a potentially exploitable crash in the content process. This
vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4046)
- A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user
into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR
< 115.1. (CVE-2023-4047)
- An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low
memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR <
115.1. (CVE-2023-4048)
- Race conditions in reference counting code were found through code inspection. These could have resulted
in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116,
Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4049)
- In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This
resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability
affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4050)
- When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the
host was no longer consistent with expected cookie jar state. This could have caused requests to be sent
with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR
< 115.1. (CVE-2023-4055)
- Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and
Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with
enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects
Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. (CVE-2023-4056)
- Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs
showed evidence of memory corruption and we presume that with enough effort some of these could have been
exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and
Thunderbird < 115.1. (CVE-2023-4057)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2023:4495");
script_set_attribute(attribute:"solution", value:
"Update the affected thunderbird package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-4057");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vendor_severity", value:"Important");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/07/04");
script_set_attribute(attribute:"patch_publication_date", value:"2023/08/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:thunderbird");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CentOS Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/CentOS/release');
if (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');
var os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);
if (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);
var pkgs = [
{'reference':'thunderbird-102.14.0-1.el7_9', 'cpu':'ppc64le', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
{'reference':'thunderbird-102.14.0-1.el7_9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && _release) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
09 Jan 2024 00:00Current
8.3High risk
Vulners AI Score8.3
CVSS 3.19.8
EPSS0.03618
SSVC