Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.MOZILLA_THUNDERBIRD_60_3.NASL
HistoryNov 01, 2018 - 12:00 a.m.

Mozilla Thunderbird < 60.3 Multiple Vulnerabilities

2018-11-0100:00:00
This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22
JSON

The version of Mozilla Thunderbird installed on the remote Windows host is prior to 60.3. It is, therefore, affected by multiple vulnerabilities as noted in Mozilla Thunderbird stable channel update release notes for 2018/10/31. Please refer to the release notes for additional information. Note that Nessus has not attempted to exploit these issues but has instead relied only on the application’s self- reported version number.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(118593);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/06");

  script_cve_id(
    "CVE-2018-12389",
    "CVE-2018-12390",
    "CVE-2018-12391",
    "CVE-2018-12392",
    "CVE-2018-12393"
  );

  script_name(english:"Mozilla Thunderbird < 60.3 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote Windows host is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Mozilla Thunderbird installed on the remote Windows
host is prior to 60.3. It is, therefore, affected by multiple
vulnerabilities as noted in Mozilla Thunderbird stable channel update
release notes for 2018/10/31. Please refer to the release notes for
additional information. Note that Nessus has not attempted to exploit
these issues but has instead relied only on the application's self-
reported version number.");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1442010
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?614520ad");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1443748
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?99f950cc");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1469486
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ec6f6183");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1478843
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a30fef4e");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1481844
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75a288c2");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1483699
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?56a8a5aa");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1483905
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?10a58f5f");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1484905
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?56bedc2c");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1487098
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2fa35353");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1487660
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6af37c5b");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1488803
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?55d351a5");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1490234
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?82482803");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1490561
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a6a9565b");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1492524
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5daf782e");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1492823
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?166aa054");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1493347
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a933cb35");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1495011
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?39935a02");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1495245
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c5b58d2f");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1496159
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f6925998");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1496340
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a31d3226");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1498460
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f93877a1");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1498482
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b3a7cc16");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1498701
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ef389f56");
  # https://bugzilla.mozilla.org/show_bug.cgi?id=1499198
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?82d76ead");
  # https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?902c50a9");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Mozilla Thunderbird version 60.3 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-12391");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-12392");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/10/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mozilla_org_installed.nasl");
  script_require_keys("Mozilla/Thunderbird/Version");

  exit(0);
}

include("mozilla_version.inc");
port = get_kb_item_or_exit("SMB/transport");

installs = get_kb_list("SMB/Mozilla/Thunderbird/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "Thunderbird");

mozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'60.3', severity:SECURITY_HOLE);
VendorProductVersionCPE
mozillathunderbirdcpe:/a:mozilla:thunderbird

References

Related

openvas 30
mozilla 3
nessus 46
suse 3
altlinux 2
kaspersky 2
oraclelinux 4
amazon 1
centos 4
debian 4
redhat 4
osv 4
archlinux 2
gentoo 2
ibm 1
mageia 2
ubuntu 3
prion 5
cve 5
ubuntucve 5
redhatcve 5
debiancve 5
veracode 4
freebsd 1
openvas
openvas
openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2018:3646-1)
2018-11-08 00:00:00
CentOS Update for thunderbird CESA-2018:3532 centos7
2018-12-18 00:00:00
Debian: Security Advisory (DSA-4337-1)
2018-11-09 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in Thunderbird ESR 60.3 — Mozilla
2018-10-31 00:00:00
Security vulnerabilities fixed in Firefox ESR 60.3 — Mozilla
2018-10-23 00:00:00
Security vulnerabilities fixed in Firefox 63 — Mozilla
2018-10-23 00:00:00
nessus
nessus
Mozilla Thunderbird < 60.3 Multiple Vulnerabilities (macOS)
2018-11-01 00:00:00
openSUSE Security Update : MozillaThunderbird (openSUSE-2018-1340)
2018-11-08 00:00:00
openSUSE Security Update : MozillaThunderbird (openSUSE-2019-772)
2019-03-27 00:00:00
suse
suse
Security update for MozillaThunderbird (important)
2018-11-07 15:18:18
Security update for Mozilla Firefox (important)
2018-10-25 15:21:20
Security update for MozillaThunderbird (important)
2018-11-09 15:08:31
altlinux
altlinux
Security fix for the ALT Linux 10 package thunderbird version 60.3.0-alt1
2018-11-02 00:00:00
Security fix for the ALT Linux 10 package firefox-esr version 60.3.0-alt1
2018-10-23 00:00:00
kaspersky
kaspersky
KLA11342 Multiple vulnerabilities in Mozilla Thunderbird
2018-10-31 00:00:00
KLA11341 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR
2018-10-23 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2018-11-21 00:00:00
thunderbird security update
2018-11-09 00:00:00
firefox security and bug fix update
2018-10-24 00:00:00
amazon
amazon
Critical: thunderbird
2019-02-13 18:22:00
centos
centos
thunderbird security update
2018-11-20 14:48:58
thunderbird security update
2018-11-21 00:26:14
firefox security update
2018-10-25 21:44:35
debian
debian
[SECURITY] [DSA 4337-1] thunderbird security update
2018-11-10 22:07:46
[SECURITY] [DSA 4324-1] firefox-esr security update
2018-10-24 20:38:43
[SECURITY] [DLA 1571-1] firefox-esr security update
2018-11-07 21:05:43
redhat
redhat
(RHSA-2018:3531) Important: thunderbird security update
2018-11-08 22:21:23
(RHSA-2018:3532) Important: thunderbird security update
2018-11-08 22:21:55
(RHSA-2018:3005) Critical: firefox security and bug fix update
2018-10-24 20:52:57
osv
osv
thunderbird - security update
2018-11-10 00:00:00
firefox-esr - security update
2018-10-24 00:00:00
firefox-esr - security update
2018-11-07 00:00:00
archlinux
archlinux
[ASA-201811-10] thunderbird: arbitrary code execution
2018-11-06 00:00:00
[ASA-201810-14] firefox: multiple issues
2018-10-24 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2018-11-09 00:00:00
Mozilla Thunderbird: Multiple vulnerabilities
2018-11-24 00:00:00
ibm
ibm
Security Bulletin: Multiple Mozilla Firefox vulnerabilities in IBM SONAS
2019-05-02 07:45:01
mageia
mageia
Updated firefox packages fix security vulnerabilities
2018-10-27 12:45:46
Updated thunderbird packages fix security issues & bugs
2018-12-16 00:29:48
ubuntu
ubuntu
Thunderbird vulnerabilities
2019-01-24 00:00:00
Firefox vulnerabilities
2018-10-24 00:00:00
Firefox regressions
2018-11-23 00:00:00
prion
prion
Cross site scripting
2019-02-28 18:29:00
Memory corruption
2019-02-28 18:29:00
Memory corruption
2019-02-28 18:29:00
cve
cve
CVE-2018-12391
2019-02-28 18:29:00
CVE-2018-12389
2019-02-28 18:29:00
CVE-2018-12393
2019-02-28 18:29:00
ubuntucve
ubuntucve
CVE-2018-12391
2019-02-28 00:00:00
CVE-2018-12390
2018-10-24 00:00:00
CVE-2018-12389
2019-01-24 00:00:00
redhatcve
redhatcve
CVE-2018-12391
2018-10-23 22:21:20
CVE-2018-12389
2020-04-04 05:02:08
CVE-2018-12390
2020-02-01 04:05:03
debiancve
debiancve
CVE-2018-12391
2019-02-28 18:29:00
CVE-2018-12389
2019-02-28 18:29:00
CVE-2018-12390
2019-02-28 18:29:00
veracode
veracode
Remote Code Execution (RCE)
2019-05-16 03:18:09
Remote Code Execution (RCE)
2019-01-15 09:25:14
Memory Corruption
2019-05-16 03:18:10
freebsd
freebsd
mozilla -- multiple vulnerabilities
2018-10-23 00:00:00
JSON
Related for MOZILLA_THUNDERBIRD_60_3.NASL
openvas30mozilla3nessus46suse3altlinux2kaspersky2oraclelinux4amazon1centos4debian4redhat4osv4archlinux2gentoo2ibm1mageia2ubuntu3prion5cve5ubuntucve5redhatcve5debiancve5veracode4freebsd1