Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.MACOSX_THUNDERBIRD_60_3.NASL
HistoryNov 01, 2018 - 12:00 a.m.

Mozilla Thunderbird < 60.3 Multiple Vulnerabilities (macOS)

2018-11-0100:00:00
This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.011 Low

EPSS

Percentile

84.5%

JSON

The version of Mozilla Thunderbird installed on the remote macOS host is prior to 60.3. It is, therefore, affected by multiple vulnerabilities as noted in Mozilla Thunderbird stable channel update release notes for 2018/10/31. Please refer to the release notes for additional information. Note that Nessus has not attempted to exploit these issues but has instead relied only on the application’s self- reported version number.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(118592);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/06");

  script_cve_id(
    "CVE-2018-12389",
    "CVE-2018-12390",
    "CVE-2018-12391",
    "CVE-2018-12392",
    "CVE-2018-12393"
  );

  script_name(english:"Mozilla Thunderbird < 60.3 Multiple Vulnerabilities (macOS)");

  script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote macOS host is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Mozilla Thunderbird installed on the remote macOS host
is prior to 60.3. It is, therefore, affected by multiple
vulnerabilities as noted in Mozilla Thunderbird stable channel update
release notes for 2018/10/31. Please refer to the release notes for
additional information. Note that Nessus has not attempted to exploit
these issues but has instead relied only on the application's self-
reported version number.");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1442010
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?614520ad");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1443748
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?99f950cc");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1469486
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ec6f6183");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1478843
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a30fef4e");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1481844
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75a288c2");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1483699
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?56a8a5aa");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1483905
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?10a58f5f");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1484905
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?56bedc2c");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1487098
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2fa35353");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1487660
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6af37c5b");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1488803
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?55d351a5");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1490234
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?82482803");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1490561
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a6a9565b");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1492524
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5daf782e");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1492823
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?166aa054");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1493347
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a933cb35");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1495011
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?39935a02");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1495245
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c5b58d2f");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1496159
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f6925998");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1496340
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a31d3226");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1498460
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f93877a1");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1498482
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b3a7cc16");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1498701
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ef389f56");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1499198
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?82d76ead");
  # https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?902c50a9");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Mozilla Thunderbird version 60.3 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-12391");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-12392");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/10/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_thunderbird_installed.nasl");
  script_require_keys("MacOSX/Thunderbird/Installed");

  exit(0);
}

include("mozilla_version.inc");

kb_base = "MacOSX/Thunderbird";
get_kb_item_or_exit(kb_base+"/Installed");

version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);

if (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Thunderbird install is in the ESR branch.');

mozilla_check_version(version:version, path:path, product:'thunderbird', esr:FALSE, fix:'60.3', severity:SECURITY_HOLE);
VendorProductVersionCPE
mozillathunderbirdcpe:/a:mozilla:thunderbird

References

Related

mozilla 3
openvas 30
suse 3
nessus 46
kaspersky 2
altlinux 2
amazon 1
oraclelinux 4
centos 4
redhat 4
osv 4
debian 4
archlinux 2
gentoo 2
mageia 2
ibm 1
ubuntu 3
cvelist 5
nvd 5
prion 5
cve 5
redhatcve 5
debiancve 5
ubuntucve 5
freebsd 1
veracode 4
mozilla
mozilla
Security vulnerabilities fixed in Thunderbird ESR 60.3 — Mozilla
2018-10-31 00:00:00
Security vulnerabilities fixed in Firefox ESR 60.3 — Mozilla
2018-10-23 00:00:00
Security vulnerabilities fixed in Firefox 63 — Mozilla
2018-10-23 00:00:00
openvas
openvas
openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2018:3646-1)
2018-11-08 00:00:00
CentOS Update for thunderbird CESA-2018:3532 centos7
2018-12-18 00:00:00
Debian: Security Advisory (DSA-4337-1)
2018-11-09 00:00:00
suse
suse
Security update for MozillaThunderbird (important)
2018-11-07 15:18:18
Security update for Mozilla Firefox (important)
2018-10-25 15:21:20
Security update for MozillaThunderbird (important)
2018-11-09 15:08:31
nessus
nessus
Mozilla Thunderbird < 60.3 Multiple Vulnerabilities
2018-11-01 00:00:00
openSUSE Security Update : MozillaThunderbird (openSUSE-2019-772)
2019-03-27 00:00:00
openSUSE Security Update : MozillaThunderbird (openSUSE-2018-1340)
2018-11-08 00:00:00
kaspersky
kaspersky
KLA11342 Multiple vulnerabilities in Mozilla Thunderbird
2018-10-31 00:00:00
KLA11341 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR
2018-10-23 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package thunderbird version 60.3.0-alt1
2018-11-02 00:00:00
Security fix for the ALT Linux 10 package firefox-esr version 60.3.0-alt1
2018-10-23 00:00:00
amazon
amazon
Critical: thunderbird
2019-02-13 18:22:00
oraclelinux
oraclelinux
thunderbird security update
2018-11-21 00:00:00
thunderbird security update
2018-11-09 00:00:00
firefox security and bug fix update
2018-10-24 00:00:00
centos
centos
thunderbird security update
2018-11-20 14:48:58
thunderbird security update
2018-11-21 00:26:14
firefox security update
2018-10-25 21:25:23
redhat
redhat
(RHSA-2018:3532) Important: thunderbird security update
2018-11-08 22:21:55
(RHSA-2018:3531) Important: thunderbird security update
2018-11-08 22:21:23
(RHSA-2018:3005) Critical: firefox security and bug fix update
2018-10-24 20:52:57
osv
osv
thunderbird - security update
2018-11-10 00:00:00
firefox-esr - security update
2018-10-24 00:00:00
firefox-esr - security update
2018-11-07 00:00:00
debian
debian
[SECURITY] [DSA 4337-1] thunderbird security update
2018-11-10 22:07:18
[SECURITY] [DSA 4324-1] firefox-esr security update
2018-10-24 20:38:22
[SECURITY] [DLA 1571-1] firefox-esr security update
2018-11-07 21:05:22
archlinux
archlinux
[ASA-201811-10] thunderbird: arbitrary code execution
2018-11-06 00:00:00
[ASA-201810-14] firefox: multiple issues
2018-10-24 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2018-11-09 00:00:00
Mozilla Thunderbird: Multiple vulnerabilities
2018-11-24 00:00:00
mageia
mageia
Updated firefox packages fix security vulnerabilities
2018-10-27 12:45:46
Updated thunderbird packages fix security issues & bugs
2018-12-16 00:29:48
ibm
ibm
Security Bulletin: Multiple Mozilla Firefox vulnerabilities in IBM SONAS
2019-05-02 07:45:01
ubuntu
ubuntu
Thunderbird vulnerabilities
2019-01-24 00:00:00
Firefox vulnerabilities
2018-10-24 00:00:00
Firefox regressions
2018-11-23 00:00:00
cvelist
cvelist
CVE-2018-12391
2019-02-28 18:00:00
CVE-2018-12393
2019-02-28 18:00:00
CVE-2018-12390
2019-02-28 18:00:00
nvd
nvd
CVE-2018-12391
2019-02-28 18:29:00
CVE-2018-12389
2019-02-28 18:29:00
CVE-2018-12390
2019-02-28 18:29:00
prion
prion
Cross site scripting
2019-02-28 18:29:00
Memory corruption
2019-02-28 18:29:00
Memory corruption
2019-02-28 18:29:00
cve
cve
CVE-2018-12391
2019-02-28 18:29:00
CVE-2018-12389
2019-02-28 18:29:00
CVE-2018-12393
2019-02-28 18:29:00
redhatcve
redhatcve
CVE-2018-12391
2018-10-23 22:21:20
CVE-2018-12389
2020-04-04 05:02:08
CVE-2018-12390
2020-02-01 04:05:03
debiancve
debiancve
CVE-2018-12391
2019-02-28 18:29:00
CVE-2018-12389
2019-02-28 18:29:00
CVE-2018-12390
2019-02-28 18:29:00
ubuntucve
ubuntucve
CVE-2018-12391
2019-02-28 00:00:00
CVE-2018-12390
2018-10-24 00:00:00
CVE-2018-12389
2019-01-24 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2018-10-23 00:00:00
veracode
veracode
Memory Corruption
2019-05-16 03:18:10
Remote Code Execution (RCE)
2019-01-15 09:25:14
Remote Code Execution (RCE)
2019-05-16 03:18:09

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.011 Low

EPSS

Percentile

84.5%

JSON
Related for MACOSX_THUNDERBIRD_60_3.NASL
mozilla3openvas30suse3nessus46kaspersky2altlinux2amazon1oraclelinux4centos4redhat4osv4debian4archlinux2gentoo2mageia2ibm1ubuntu3cvelist5nvd5prion5cve5redhatcve5debiancve5ubuntucve5freebsd1veracode4