Vulners
Lucene search
Mozilla Thunderbird < 60.4
| Reporter | Title | Published | Views | Family All 273 |
|---|---|---|---|---|
 | Mozilla Firefox < 64 Multiple Vulnerabilities | 6 Feb 201900:00 | – | nessus |
| Amazon Linux 2 : thunderbird (ALAS-2019-1168) | 8 Mar 201900:00 | – | nessus |
| CentOS 6 : firefox (CESA-2018:3831) | 27 Dec 201800:00 | – | nessus |
| CentOS 7 : firefox (CESA-2018:3833) | 27 Dec 201800:00 | – | nessus |
| CentOS 6 : thunderbird (CESA-2019:0159) | 4 Feb 201900:00 | – | nessus |
| CentOS 7 : thunderbird (CESA-2019:0160) | 4 Feb 201900:00 | – | nessus |
| Debian DLA-1605-1 : firefox-esr security update | 14 Dec 201800:00 | – | nessus |
| Debian DSA-4330-1 : chromium-browser - security update | 5 Nov 201800:00 | – | nessus |
| Debian DSA-4354-1 : firefox-esr - security update | 13 Dec 201800:00 | – | nessus |
| Debian DSA-4362-1 : thunderbird - security update | 7 Jan 201900:00 | – | nessus |
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mozilla Foundation Security Advisory mfsa2018-31.
# The text itself is copyright (C) Mozilla Foundation.
##
include('compat.inc');
if (description)
{
script_id(275687);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/18");
script_cve_id(
"CVE-2018-12405",
"CVE-2018-17466",
"CVE-2018-18492",
"CVE-2018-18493",
"CVE-2018-18494",
"CVE-2018-18498"
);
script_name(english:"Mozilla Thunderbird < 60.4");
script_set_attribute(attribute:"synopsis", value:
"A mail client installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 60.4. It is, therefore, affected
by multiple vulnerabilities as referenced in the mfsa2018-31 advisory.
- A potential vulnerability leading to an integer overflow can occur during buffer size calculations for
images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds
write. (CVE-2018-18498)
- A buffer overflow and out-of-bounds read can occur in <code>TextureStorage11</code> within the ANGLE
graphics library, used for WebGL content. This results in a potentially exploitable crash.
(CVE-2018-17466)
- A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the
<code>select</code> element in the <code>options</code> collection. This results in a potentially
exploitable crash. (CVE-2018-18492)
- A buffer overflow can occur in the Skia library during buffer offset calculations with hardware
accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a
potentially exploitable crash. (CVE-2018-18493)
- A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript
<code>location</code> property to cause a redirection to another site using
<code>performance.getEntries()</code>. This is a same-origin policy violation and could allow for data
theft. (CVE-2018-18494)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/");
script_set_attribute(attribute:"solution", value:
"Upgrade to Mozilla Thunderbird version 60.4 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-18498");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/16");
script_set_attribute(attribute:"patch_publication_date", value:"2018/12/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/11/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("macosx_thunderbird_installed.nasl");
script_require_keys("installed_sw/Mozilla Thunderbird");
exit(0);
}
include('vdf.inc');
# @tvdl-content-verify-only
var vuln_data = {
"metadata": {
"spec_version": "1.0"
},
"requires": [
{
"scope": "target",
"match": {
"os": "macos"
}
}
],
"checks": [
{
"product": {
"name": "Mozilla Thunderbird",
"type": "app"
},
"check_algorithm": "default",
"constraints": [
{
"fixed_version": "60.4"
}
]
}
]
};
var vdf_result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:vdf_result);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
18 Nov 2025 00:00Current
8High risk
Vulners AI Score8
CVSS 27.5
CVSS 39.8
EPSS0.30298