Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2023 and is owned by Tenable, Inc. or an Affiliate thereof.MACOSX_THUNDERBIRD_17_0_6_ESR.NASL
HistoryMay 16, 2013 - 12:00 a.m.

Thunderbird ESR 17.x < 17.0.6 Multiple Vulnerabilities (Mac OS X)

2013-05-1600:00:00
This script is Copyright (C) 2013-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.911 High

EPSS

Percentile

98.9%

JSON

The installed version of Thunderbird ESR 17.x is prior to 17.0.6 and is, therefore, potentially affected the following vulnerabilities :

  • Various memory safety issues exist. (CVE-2013-0801)

  • It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670)

  • A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672)

  • A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674)

  • Some ‘DOMSVGZoomEvent’ functions are used without being properly initialized, which could lead to information disclosure. (CVE-2013-1675)

  • Multiple memory corruption issues exist. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(66478);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");

  script_cve_id(
    "CVE-2013-0801",
    "CVE-2013-1670",
    "CVE-2013-1672",
    "CVE-2013-1674",
    "CVE-2013-1675",
    "CVE-2013-1676",
    "CVE-2013-1677",
    "CVE-2013-1678",
    "CVE-2013-1679",
    "CVE-2013-1680",
    "CVE-2013-1681"
  );
  script_bugtraq_id(
    59855,
    59858,
    59859,
    59860,
    59861,
    59862,
    59863,
    59864,
    59865,
    59868,
    59872
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/24");

  script_name(english:"Thunderbird ESR 17.x < 17.0.6 Multiple Vulnerabilities (Mac OS X)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Mac OS X host contains a mail client that is potentially
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The installed version of Thunderbird ESR 17.x is prior to 17.0.6 and
is, therefore, potentially affected the following vulnerabilities :

  - Various memory safety issues exist. (CVE-2013-0801)

  - It is possible to call a content level constructor that
    allows for the constructor to have chrome privileged
    access. (CVE-2013-1670)

  - A local privilege escalation issues exists in the
    Mozilla Maintenance Service. (CVE-2013-1672)

  - A use-after-free vulnerability exists when resizing
    video while playing. (CVE-2013-1674)

  - Some 'DOMSVGZoomEvent' functions are used without being
    properly initialized, which could lead to information
    disclosure. (CVE-2013-1675)

  - Multiple memory corruption issues exist. (CVE-2013-1676,
    CVE-2013-1677, CVE-2013-1678, CVE-2013-1679,
    CVE-2013-1680, CVE-2013-1681)");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-41/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-42/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-44/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-46/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-47/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-48/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Thunderbird ESR 17.0.6 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1681");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/05/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2013-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_thunderbird_installed.nasl");
  script_require_keys("MacOSX/Thunderbird/Installed");

  exit(0);
}


include("mozilla_version.inc");

kb_base = "MacOSX/Thunderbird";
get_kb_item_or_exit(kb_base+"/Installed");

version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);

is_esr = get_kb_item(kb_base+"/is_esr");
if (isnull(is_esr)) audit(AUDIT_NOT_INST, "Mozilla Thunderbird ESR");

mozilla_check_version(product:'thunderbird', version:version, path:path, esr:TRUE, fix:'17.0.6', min:'17.0', severity:SECURITY_HOLE);
VendorProductVersionCPE
mozillathunderbirdcpe:/a:mozilla:thunderbird

References

Related

nessus 29
openvas 59
centos 2
veracode 10
redhat 2
ubuntu 2
suse 8
oraclelinux 2
mozilla 6
freebsd 1
securityvulns 1
ibm 2
debian 1
cvelist 11
ubuntucve 11
nvd 11
prion 11
cve 11
cisa_kev 1
attackerkb 1
metasploit 1
zdt 1
packetstorm 1
seebug 1
exploitdb 1
gentoo 1
nessus
nessus
Mozilla Thunderbird ESR 17.x < 17.0.6 Multiple Vulnerabilities
2013-05-16 00:00:00
Oracle Linux 6 : thunderbird (ELSA-2013-0821)
2013-07-12 00:00:00
Firefox ESR 17.x < 17.0.6 Multiple Vulnerabilities
2013-05-16 00:00:00
openvas
openvas
Mozilla Thunderbird Multiple Vulnerabilities -01 (May 2013) - Windows
2013-05-27 00:00:00
Mozilla Thunderbird Multiple Vulnerabilities -01 (May 2013) - Mac OS X
2013-05-27 00:00:00
Mozilla Thunderbird ESR Multiple Vulnerabilities -01 (May 2013) - Mac OS X
2013-05-27 00:00:00
centos
centos
firefox, xulrunner security update
2013-05-14 22:39:45
thunderbird security update
2013-05-14 22:42:14
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:54:43
Use-After-Free
2019-05-02 04:54:41
Cross-Site Scripting (XSS)
2019-05-02 04:54:40
redhat
redhat
(RHSA-2013:0821) Important: thunderbird security update
2013-05-14 00:00:00
(RHSA-2013:0820) Critical: firefox security update
2013-05-14 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2013-05-14 00:00:00
Firefox vulnerabilities
2013-05-14 00:00:00
suse
suse
xulrunner to 17.0.6esr (important)
2013-05-27 17:04:43
MozillaThunderbird: update to 17.0.6 (important)
2013-06-10 17:12:08
MozillaFirefox: update to version 21.0 (important)
2013-06-10 18:13:40
oraclelinux
oraclelinux
firefox security update
2013-05-14 00:00:00
thunderbird security update
2013-05-14 00:00:00
mozilla
mozilla
Memory corruption found using Address Sanitizer — Mozilla
2013-05-14 00:00:00
Local privilege escalation through Mozilla Maintenance Service — Mozilla
2013-05-14 00:00:00
Privileged access for content level constructor — Mozilla
2013-05-14 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-05-14 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-07-10 00:00:00
ibm
ibm
Security Bulletin: IBM SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities.
2022-09-26 04:23:14
Security Bulletin: IBM Storwize V7000 Unified Update Includes Fixes for Multiple Vendor Security Vulnerabilities.
2022-09-26 04:23:14
debian
debian
[SECURITY] [DSA 2699-1] iceweasel security update
2013-06-02 16:37:13
cvelist
cvelist
CVE-2013-1677
2013-05-16 10:00:00
CVE-2013-1672
2013-05-16 10:00:00
CVE-2013-1680
2013-05-16 10:00:00
ubuntucve
ubuntucve
CVE-2013-1680
2013-05-14 00:00:00
CVE-2013-1681
2013-05-14 00:00:00
CVE-2013-1672
2013-05-16 00:00:00
nvd
nvd
CVE-2013-1677
2013-05-16 11:45:30
CVE-2013-1672
2013-05-16 11:45:30
CVE-2013-1680
2013-05-16 11:45:30
prion
prion
Design/Logic Flaw
2013-05-16 11:45:00
Out-of-bounds
2013-05-16 11:45:00
Design/Logic Flaw
2013-05-16 11:45:00
cve
cve
CVE-2013-1674
2013-05-16 11:45:30
CVE-2013-1672
2013-05-16 11:45:30
CVE-2013-1676
2013-05-16 11:45:30
cisa_kev
cisa_kev
Mozilla Firefox Information Disclosure Vulnerability
2022-03-03 00:00:00
attackerkb
attackerkb
CVE-2013-1675
2013-05-16 00:00:00
metasploit
metasploit
Firefox toString console.time Privileged Javascript Injection
2014-08-15 20:17:37
zdt
zdt
Firefox toString console.time Privileged Javascript Injection Exploit
2014-08-18 00:00:00
packetstorm
packetstorm
Firefox toString console.time Privileged Javascript Injection
2014-08-18 00:00:00
seebug
seebug
Firefox toString console.time Privileged Javascript Injection
2014-08-20 00:00:00
exploitdb
exploitdb
Mozilla Firefox - toString console.time Privileged JavaScript Injection (Metasploit)
2014-08-19 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-09-27 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.911 High

EPSS

Percentile

98.9%

JSON
Related for MACOSX_THUNDERBIRD_17_0_6_ESR.NASL
nessus29openvas59centos2veracode10redhat2ubuntu2suse8oraclelinux2mozilla6freebsd1securityvulns1ibm2debian1cvelist11ubuntucve11nvd11prion11cve11cisa_kev1attackerkb1metasploit1zdt1packetstorm1seebug1exploitdb1gentoo1