Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2023 and is owned by Tenable, Inc. or an Affiliate thereof.MACOSX_THUNDERBIRD_17_0_6_ESR.NASL
HistoryMay 16, 2013 - 12:00 a.m.

Thunderbird ESR 17.x < 17.0.6 Multiple Vulnerabilities (Mac OS X)

2013-05-1600:00:00
This script is Copyright (C) 2013-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.911 High

EPSS

Percentile

98.9%

JSON

The installed version of Thunderbird ESR 17.x is prior to 17.0.6 and is, therefore, potentially affected the following vulnerabilities :

  • Various memory safety issues exist. (CVE-2013-0801)

  • It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670)

  • A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672)

  • A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674)

  • Some ‘DOMSVGZoomEvent’ functions are used without being properly initialized, which could lead to information disclosure. (CVE-2013-1675)

  • Multiple memory corruption issues exist. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(66478);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");

  script_cve_id(
    "CVE-2013-0801",
    "CVE-2013-1670",
    "CVE-2013-1672",
    "CVE-2013-1674",
    "CVE-2013-1675",
    "CVE-2013-1676",
    "CVE-2013-1677",
    "CVE-2013-1678",
    "CVE-2013-1679",
    "CVE-2013-1680",
    "CVE-2013-1681"
  );
  script_bugtraq_id(
    59855,
    59858,
    59859,
    59860,
    59861,
    59862,
    59863,
    59864,
    59865,
    59868,
    59872
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/24");

  script_name(english:"Thunderbird ESR 17.x < 17.0.6 Multiple Vulnerabilities (Mac OS X)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Mac OS X host contains a mail client that is potentially
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The installed version of Thunderbird ESR 17.x is prior to 17.0.6 and
is, therefore, potentially affected the following vulnerabilities :

  - Various memory safety issues exist. (CVE-2013-0801)

  - It is possible to call a content level constructor that
    allows for the constructor to have chrome privileged
    access. (CVE-2013-1670)

  - A local privilege escalation issues exists in the
    Mozilla Maintenance Service. (CVE-2013-1672)

  - A use-after-free vulnerability exists when resizing
    video while playing. (CVE-2013-1674)

  - Some 'DOMSVGZoomEvent' functions are used without being
    properly initialized, which could lead to information
    disclosure. (CVE-2013-1675)

  - Multiple memory corruption issues exist. (CVE-2013-1676,
    CVE-2013-1677, CVE-2013-1678, CVE-2013-1679,
    CVE-2013-1680, CVE-2013-1681)");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-41/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-42/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-44/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-46/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-47/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-48/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Thunderbird ESR 17.0.6 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1681");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/05/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2013-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_thunderbird_installed.nasl");
  script_require_keys("MacOSX/Thunderbird/Installed");

  exit(0);
}


include("mozilla_version.inc");

kb_base = "MacOSX/Thunderbird";
get_kb_item_or_exit(kb_base+"/Installed");

version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);

is_esr = get_kb_item(kb_base+"/is_esr");
if (isnull(is_esr)) audit(AUDIT_NOT_INST, "Mozilla Thunderbird ESR");

mozilla_check_version(product:'thunderbird', version:version, path:path, esr:TRUE, fix:'17.0.6', min:'17.0', severity:SECURITY_HOLE);
VendorProductVersionCPE
mozillathunderbirdcpe:/a:mozilla:thunderbird

References

Related

openvas 59
nessus 29
veracode 10
centos 2
redhat 2
oraclelinux 2
suse 8
ubuntu 2
mozilla 6
freebsd 1
securityvulns 1
ibm 2
debian 1
prion 11
nvd 11
cvelist 11
ubuntucve 11
cve 11
attackerkb 1
cisa_kev 1
packetstorm 1
seebug 1
metasploit 1
zdt 1
exploitdb 1
gentoo 1
openvas
openvas
Mozilla Firefox ESR Multiple Vulnerabilities -01 May13 (Windows)
2013-05-27 00:00:00
Mozilla Thunderbird ESR Multiple Vulnerabilities -01 May13 (Windows)
2013-05-27 00:00:00
Mozilla Thunderbird Multiple Vulnerabilities -01 May13 (Mac OS X)
2013-05-27 00:00:00
nessus
nessus
Firefox ESR 17.x < 17.0.6 Multiple Vulnerabilities (Mac OS X)
2013-05-16 00:00:00
Mozilla Thunderbird 17.x < 17.0.6 Multiple Vulnerabilities
2013-05-15 00:00:00
Mozilla Thunderbird 17.x < 17.0.6 Multiple Vulnerabilities
2013-05-15 00:00:00
veracode
veracode
Out-Of-Bounds Read
2019-05-02 04:54:42
Arbitrary Code Execution
2019-05-02 04:54:43
Use-After-Free
2019-05-02 04:54:41
centos
centos
thunderbird security update
2013-05-14 22:42:14
firefox, xulrunner security update
2013-05-14 22:39:45
redhat
redhat
(RHSA-2013:0820) Critical: firefox security update
2013-05-14 00:00:00
(RHSA-2013:0821) Important: thunderbird security update
2013-05-14 00:00:00
oraclelinux
oraclelinux
firefox security update
2013-05-14 00:00:00
thunderbird security update
2013-05-14 00:00:00
suse
suse
xulrunner to 17.0.6esr (important)
2013-05-27 17:04:43
MozillaThunderbird: update to 17.0.6 (important)
2013-06-10 17:12:08
xulrunner to 17.0.6esr (important)
2013-06-10 18:05:12
ubuntu
ubuntu
Thunderbird vulnerabilities
2013-05-14 00:00:00
Firefox vulnerabilities
2013-05-14 00:00:00
mozilla
mozilla
Memory corruption found using Address Sanitizer — Mozilla
2013-05-14 00:00:00
Local privilege escalation through Mozilla Maintenance Service — Mozilla
2013-05-14 00:00:00
Privileged access for content level constructor — Mozilla
2013-05-14 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-05-14 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-07-10 00:00:00
ibm
ibm
Security Bulletin: IBM SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities.
2022-09-26 04:23:14
Security Bulletin: IBM Storwize V7000 Unified Update Includes Fixes for Multiple Vendor Security Vulnerabilities.
2022-09-26 04:23:14
debian
debian
[SECURITY] [DSA 2699-1] iceweasel security update
2013-06-02 16:37:13
prion
prion
Design/Logic Flaw
2013-05-16 11:45:00
Out-of-bounds
2013-05-16 11:45:00
Design/Logic Flaw
2013-05-16 11:45:00
nvd
nvd
CVE-2013-1680
2013-05-16 11:45:30
CVE-2013-1676
2013-05-16 11:45:30
CVE-2013-1672
2013-05-16 11:45:30
cvelist
cvelist
CVE-2013-1680
2013-05-16 10:00:00
CVE-2013-1677
2013-05-16 10:00:00
CVE-2013-1672
2013-05-16 10:00:00
ubuntucve
ubuntucve
CVE-2013-1676
2013-05-14 00:00:00
CVE-2013-1680
2013-05-14 00:00:00
CVE-2013-1681
2013-05-14 00:00:00
cve
cve
CVE-2013-1676
2013-05-16 11:45:30
CVE-2013-1677
2013-05-16 11:45:30
CVE-2013-1674
2013-05-16 11:45:30
attackerkb
attackerkb
CVE-2013-1675
2013-05-16 00:00:00
cisa_kev
cisa_kev
Mozilla Firefox Information Disclosure Vulnerability
2022-03-03 00:00:00
packetstorm
packetstorm
Firefox toString console.time Privileged Javascript Injection
2014-08-18 00:00:00
seebug
seebug
Firefox toString console.time Privileged Javascript Injection
2014-08-20 00:00:00
metasploit
metasploit
Firefox toString console.time Privileged Javascript Injection
2014-08-15 20:17:37
zdt
zdt
Firefox toString console.time Privileged Javascript Injection Exploit
2014-08-18 00:00:00
exploitdb
exploitdb
Mozilla Firefox - toString console.time Privileged JavaScript Injection (Metasploit)
2014-08-19 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-09-27 00:00:00

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.911 High

EPSS

Percentile

98.9%

JSON
Related for MACOSX_THUNDERBIRD_17_0_6_ESR.NASL
openvas59nessus29veracode10centos2redhat2oraclelinux2suse8ubuntu2mozilla6freebsd1securityvulns1ibm2debian1prion11nvd11cvelist11ubuntucve11cve11attackerkb1cisa_kev1packetstorm1seebug1metasploit1zdt1exploitdb1gentoo1