| Title | Published | Views | Family |
|---|---|---|---|
| FireFox Use after Free Exploit | 30 Nov 2013 00:00 | – | zdt |
| Security Bulletin: IBM Storwize V7000 Unified V1.4.2.1 Includes Fixes for Multiple Vendor Security Vulnerabilities. | 26 Sep 2022 04:23 | – | ibm |
| Security Bulletin: IBM Scale Out Network Attached Storage V1.4.2.1 Includes Fixes for Multiple Vendor Security Vulnerabilities. | 26 Sep 2022 04:23 | – | ibm |
| SeaMonkey < 2.20 Multiple Vulnerabilities | 8 Aug 2013 00:00 | – | nessus |
| Mozilla Firefox ESR < 17.0.9 Multiple Vulnerabilities | 6 Nov 2019 00:00 | – | nessus |
| Mozilla Firefox < 24.0 Multiple Vulnerabilities | 18 Sep 2013 00:00 | – | nessus |
| Mozilla Thunderbird < 24.0 | 18 Sep 2013 00:00 | – | nessus |
| SeaMonkey < 2.21 Multiple Vulnerabilities | 18 Sep 2013 00:00 | – | nessus |
| Mozilla Thunderbird < 17.0.8 XSS | 27 May 2014 00:00 | – | nessus |
| CentOS 5 / 6 : firefox (CESA-2013:1268) | 18 Sep 2013 00:00 | – | nessus |

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Plugin metadata: registered with the scanner, then the description pass exits.
if (description)
{
  script_id(69991);
  script_version("1.19");
  script_cvs_date("Date: 2019/11/27");

  script_cve_id(
    "CVE-2013-1718",
    "CVE-2013-1719",
    "CVE-2013-1720",
    "CVE-2013-1722",
    "CVE-2013-1723",
    "CVE-2013-1724",
    "CVE-2013-1725",
    "CVE-2013-1726",
    "CVE-2013-1728",
    "CVE-2013-1730",
    "CVE-2013-1732",
    "CVE-2013-1735",
    "CVE-2013-1736",
    "CVE-2013-1737",
    "CVE-2013-1738",
    "CVE-2013-6674",
    "CVE-2014-2018"
  );
  script_bugtraq_id(
    62460,
    62462,
    62463,
    62464,
    62465,
    62466,
    62467,
    62468,
    62469,
    62472,
    62473,
    62475,
    62478,
    62479,
    62482,
    65158,
    65620
  );
  script_xref(name:"CERT", value:"863369");
  script_xref(name:"EDB-ID", value:"31223");

  script_name(english:"Thunderbird 17.x through 23.x Multiple Vulnerabilities (Mac OS X)");
  script_summary(english:"Checks version of Thunderbird");

  script_set_attribute(attribute:"synopsis", value:
"The remote Mac OS X host contains a mail client that is potentially
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The installed version of Thunderbird is a version prior to 24.0.
It is, therefore, potentially affected by the following
vulnerabilities :
  - Memory issues exist in the browser engine that could
    allow for denial of service or arbitrary code execution.
    (CVE-2013-1718, CVE-2013-1719)
  - The HTML5 Tree Builder does not properly maintain
    states, which could result in a denial of service or
    possible arbitrary code execution. (CVE-2013-1720)
  - Multiple use-after-free problems exist, which could
    result in denial of service attacks or arbitrary code
    execution. (CVE-2013-1722, CVE-2013-1724,
    CVE-2013-1735, CVE-2013-1736, CVE-2013-1738)
  - The NativeKey widget does not properly terminate key
    messages, possibly leading to a denial of service attack.
    (CVE-2013-1723)
  - Incorrect scope handling for JavaScript objects with
    compartments could result in denial of service or
    possibly arbitrary code execution. (CVE-2013-1725)
  - Local users can gain the same privileges as the Mozilla
    Updater because the application does not ensure
    exclusive access to the update file. An attacker could
    exploit this by inserting a malicious file into the
    update file. (CVE-2013-1726)
  - Sensitive information can be obtained via unspecified
    vectors because the IonMonkey JavaScript does not
    properly initialize memory. (CVE-2013-1728)
  - A JavaScript compartment mismatch could result in a
    denial of service or arbitrary code execution. Versions
    of Firefox 20 or greater are not susceptible to the
    arbitrary code execution mentioned above.
    (CVE-2013-1730)
  - A buffer overflow is possible because of an issue with
    multi-column layouts. (CVE-2013-1732)
  - An object is not properly identified during use of
    user-defined getter methods on DOM proxies. This could
    result in access restrictions being bypassed.
    (CVE-2013-1737)
  - An input validation error exists related to email
    messages containing HTML and iframes and the action of
    replying to or forwarding such messages that could
    allow cross-site scripting attacks. (CVE-2013-6674)
  - An input validation error exists related to email
    messages containing HTML and object or embed elements
    that could allow cross-site scripting attacks.
    (CVE-2014-2018)");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-76/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-77/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-79/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-80/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-81/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-82/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-83/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-85/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-88/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-89/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-90/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-91/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-92/");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-14/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Thunderbird 24.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1736");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Depends on the install-detection plugin, which populates the KB keys read below.
  script_dependencies("macosx_thunderbird_installed.nasl");
  script_require_keys("MacOSX/Thunderbird/Installed");

  exit(0);
}

include("mozilla_version.inc");

# Read the detected install's version and path from the knowledge base;
# exit if Thunderbird was not found on the host.
kb_base = "MacOSX/Thunderbird";
get_kb_item_or_exit(kb_base+"/Installed");

version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);

# ESR installs are out of scope for this plugin.
if (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Thunderbird install is in the ESR branch.');

# Report non-ESR versions from 17.0 up to, but not including, the fixed 24.0 release.
mozilla_check_version(product:'thunderbird', version:version, path:path, esr:FALSE, fix:'24.0', min:'17.0', severity:SECURITY_HOLE, xss:TRUE);
```