Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2013-447.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:0894-1)

2014-06-1300:00:00
This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
JSON

MozillaThunderbird was updated to security update Thunderbird 17.0.6 (bnc#819204) :

  • MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards

  • MFSA 2013-42/CVE-2013-1670 (bmo#853709) Privileged access for content level constructor

  • MFSA 2013-46/CVE-2013-1674 (bmo#860971) Use-after-free with video and onresize event

  • MFSA 2013-47/CVE-2013-1675 (bmo#866825) Uninitialized functions in DOMSVGZoomEvent

  • MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 Memory corruption found using Address Sanitizer

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2013-447.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(75013);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/03/08");

  script_cve_id(
    "CVE-2013-0801",
    "CVE-2013-1669",
    "CVE-2013-1670",
    "CVE-2013-1674",
    "CVE-2013-1675",
    "CVE-2013-1676",
    "CVE-2013-1677",
    "CVE-2013-1678",
    "CVE-2013-1679",
    "CVE-2013-1680",
    "CVE-2013-1681"
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/24");

  script_name(english:"openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:0894-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"MozillaThunderbird was updated to security update Thunderbird 17.0.6
(bnc#819204) :

  - MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous
    memory safety hazards

  - MFSA 2013-42/CVE-2013-1670 (bmo#853709) Privileged
    access for content level constructor

  - MFSA 2013-46/CVE-2013-1674 (bmo#860971) Use-after-free
    with video and onresize event

  - MFSA 2013-47/CVE-2013-1675 (bmo#866825) Uninitialized
    functions in DOMSVGZoomEvent

  - MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/
    CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 Memory
    corruption found using Address Sanitizer");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=819204");
  script_set_attribute(attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2013-05/msg00038.html");
  script_set_attribute(attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2013-06/msg00031.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected MozillaThunderbird packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/05/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:enigmail-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.2|SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2 / 12.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-17.0.6-49.43.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-buildsymbols-17.0.6-49.43.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-debuginfo-17.0.6-49.43.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-debugsource-17.0.6-49.43.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-devel-17.0.6-49.43.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-devel-debuginfo-17.0.6-49.43.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-translations-common-17.0.6-49.43.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"MozillaThunderbird-translations-other-17.0.6-49.43.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"enigmail-1.5.1+17.0.6-49.43.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"enigmail-debuginfo-1.5.1+17.0.6-49.43.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-17.0.6-61.13.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-buildsymbols-17.0.6-61.13.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-debuginfo-17.0.6-61.13.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-debugsource-17.0.6-61.13.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-devel-17.0.6-61.13.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-devel-debuginfo-17.0.6-61.13.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-translations-common-17.0.6-61.13.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"MozillaThunderbird-translations-other-17.0.6-61.13.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"enigmail-1.5.1+17.0.6-61.13.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"enigmail-debuginfo-1.5.1+17.0.6-61.13.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaThunderbird");
}
VendorProductVersionCPE
novellopensusemozillathunderbirdp-cpe:/a:novell:opensuse:mozillathunderbird
novellopensusemozillathunderbird-buildsymbolsp-cpe:/a:novell:opensuse:mozillathunderbird-buildsymbols
novellopensusemozillathunderbird-debuginfop-cpe:/a:novell:opensuse:mozillathunderbird-debuginfo
novellopensusemozillathunderbird-debugsourcep-cpe:/a:novell:opensuse:mozillathunderbird-debugsource
novellopensusemozillathunderbird-develp-cpe:/a:novell:opensuse:mozillathunderbird-devel
novellopensusemozillathunderbird-devel-debuginfop-cpe:/a:novell:opensuse:mozillathunderbird-devel-debuginfo
novellopensusemozillathunderbird-translations-commonp-cpe:/a:novell:opensuse:mozillathunderbird-translations-common
novellopensusemozillathunderbird-translations-otherp-cpe:/a:novell:opensuse:mozillathunderbird-translations-other
novellopensuseenigmailp-cpe:/a:novell:opensuse:enigmail
novellopensuseenigmail-debuginfop-cpe:/a:novell:opensuse:enigmail-debuginfo
Rows per page:
1-10 of 121

Related

openvas 58
suse 8
nessus 29
ubuntu 2
veracode 10
oraclelinux 2
redhat 2
centos 2
mozilla 5
freebsd 1
securityvulns 1
ibm 2
debian 1
cvelist 11
prion 11
ubuntucve 11
cve 11
attackerkb 1
cisa_kev 1
zdt 1
metasploit 1
packetstorm 1
seebug 1
exploitdb 1
gentoo 1
openvas
openvas
SuSE Update for MozillaThunderbird openSUSE-SU-2013:0894-1 (MozillaThunderbird)
2013-12-10 00:00:00
openSUSE: Security Advisory for xulrunner (openSUSE-SU-2013:0831-1)
2013-11-19 00:00:00
Ubuntu: Security Advisory (USN-1823-1)
2013-05-17 00:00:00
suse
suse
MozillaThunderbird: update to 17.0.6 (important)
2013-06-10 17:12:08
MozillaThunderbird: update to 17.0.6 (important)
2013-05-27 17:05:02
xulrunner to 17.0.6esr (important)
2013-06-10 18:05:12
nessus
nessus
openSUSE Security Update : xulrunner (openSUSE-SU-2013:0929-1)
2014-06-13 00:00:00
Ubuntu 12.04 LTS / 12.10 / 13.04 : thunderbird vulnerabilities (USN-1823-1)
2013-05-15 00:00:00
CentOS 5 / 6 : firefox (CESA-2013:0820)
2013-05-15 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2013-05-14 00:00:00
Firefox vulnerabilities
2013-05-14 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2019-05-02 04:54:40
Information Disclosure
2019-05-02 04:54:41
Out-Of-Bounds Read
2019-05-02 04:54:42
oraclelinux
oraclelinux
firefox security update
2013-05-14 00:00:00
thunderbird security update
2013-05-14 00:00:00
redhat
redhat
(RHSA-2013:0820) Critical: firefox security update
2013-05-14 00:00:00
(RHSA-2013:0821) Important: thunderbird security update
2013-05-14 00:00:00
centos
centos
firefox, xulrunner security update
2013-05-14 22:39:45
thunderbird security update
2013-05-14 22:42:14
mozilla
mozilla
Memory corruption found using Address Sanitizer — Mozilla
2013-05-14 00:00:00
Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6) — Mozilla
2013-05-14 00:00:00
Use-after-free with video and onresize event — Mozilla
2013-05-14 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-05-14 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-07-10 00:00:00
ibm
ibm
Security Bulletin: IBM SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities.
2022-09-26 04:23:14
Security Bulletin: IBM Storwize V7000 Unified Update Includes Fixes for Multiple Vendor Security Vulnerabilities.
2022-09-26 04:23:14
debian
debian
[SECURITY] [DSA 2699-1] iceweasel security update
2013-06-02 16:37:52
cvelist
cvelist
CVE-2013-1680
2013-05-16 10:00:00
CVE-2013-1677
2013-05-16 10:00:00
CVE-2013-1681
2013-05-16 10:00:00
prion
prion
Out-of-bounds
2013-05-16 11:45:00
Design/Logic Flaw
2013-05-16 11:45:00
Out-of-bounds
2013-05-16 11:45:00
ubuntucve
ubuntucve
CVE-2013-1677
2013-05-14 00:00:00
CVE-2013-1676
2013-05-14 00:00:00
CVE-2013-1680
2013-05-14 00:00:00
cve
cve
CVE-2013-1677
2013-05-16 11:45:00
CVE-2013-1680
2013-05-16 11:45:00
CVE-2013-1676
2013-05-16 11:45:00
attackerkb
attackerkb
CVE-2013-1675
2013-05-16 00:00:00
cisa_kev
cisa_kev
Mozilla Firefox Information Disclosure Vulnerability
2022-03-03 00:00:00
zdt
zdt
Firefox toString console.time Privileged Javascript Injection Exploit
2014-08-18 00:00:00
metasploit
metasploit
Firefox toString console.time Privileged Javascript Injection
2014-08-15 20:17:37
packetstorm
packetstorm
Firefox toString console.time Privileged Javascript Injection
2014-08-18 00:00:00
seebug
seebug
Firefox toString console.time Privileged Javascript Injection
2014-08-20 00:00:00
exploitdb
exploitdb
Mozilla Firefox - toString console.time Privileged JavaScript Injection (Metasploit)
2014-08-19 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-09-27 00:00:00
JSON
Related for OPENSUSE-2013-447.NASL
openvas58suse8nessus29ubuntu2veracode10oraclelinux2redhat2centos2mozilla5freebsd1securityvulns1ibm2debian1cvelist11prion11ubuntucve11cve11attackerkb1cisa_kev1zdt1metasploit1packetstorm1seebug1exploitdb1gentoo1