10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.01 Low
EPSS
Percentile
83.4%
This update for Mozilla Thunderbird fixes the following issues :
Security issues fixed in 52.5.0 ESR as advised in MFSA 2017-26 (boo#1068101) :
CVE-2017-7828: Use-after-free of PresShell while restyling layout
CVE-2017-7830: Cross-origin URL information leak through Resource Timing API
CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
The following bug fixes and improvements are included :
Better support for Charter/Spectrum IMAP
No longer mark other messages as read in search folders spanning multiple base folders
IMAP alerts have been corrected and now show the correct server name in case of connection problems
POP alerts have been corrected and now indicate connection problems in case the configured POP server cannot be found
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-1311.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Description pass: registers the plugin's metadata (ID, CVEs, advisory text,
# CVSS vectors, affected CPEs, prerequisites), then exits without testing the host.
if (description)
{
script_id(104798);
script_version("3.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
# The three CVEs addressed by the openSUSE-2017-1311 update.
script_cve_id("CVE-2017-7826", "CVE-2017-7828", "CVE-2017-7830");
script_name(english:"openSUSE Security Update : Mozilla Thunderbird (openSUSE-2017-1311)");
script_summary(english:"Check for the openSUSE-2017-1311 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
# Advisory text; per the file header it was extracted from the openSUSE update notice.
# NOTE(review): "PressShell" below looks like a misspelling of "PresShell" carried
# over from the advisory; it is runtime text, so it is left as-is here.
script_set_attribute(
attribute:"description",
value:
"This update for Mozilla Thunderbird fixes the following issues :
Security issues fixed in 52.5.0 ESR as advised in MFSA 2017-26
(boo#1068101) :
- CVE-2017-7828: Use-after-free of PressShell while
restyling layout
- CVE-2017-7830: Cross-origin URL information leak through
Resource Timing API
- CVE-2017-7826: Memory safety bugs fixed in Firefox 57
and Firefox ESR 52.5
The following bug fixes and improvements are included :
- Better support for Charter/Spectrum IMAP
- No longer mark other messages as read in search folders
spanning multiple base folders
- IMAP alerts have been corrected and now show the correct
server name in case of connection problems
- POP alerts have been corrected and now indicate
connection problems in case the configured POP server
cannot be found"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1068101"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected Mozilla Thunderbird packages."
);
# One CVSS v2 and one CVSS v3.0 base vector are set for the whole plugin,
# although it covers three CVEs of different kinds (use-after-free,
# information leak, memory-safety bugs).
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
# "local": the result comes from the host's installed package list, not from a network probe.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPEs for every Thunderbird subpackage tested below, plus the two openSUSE releases covered.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
script_set_attribute(attribute:"patch_publication_date", value:"2017/11/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/28");
script_end_attributes();
# ACT_GATHER_INFO: categorised as an information-gathering check.
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
# Prerequisites: the SSH information-gathering script and the KB entries it is
# expected to populate (local checks enabled, SuSE release, RPM list, CPU).
# The check therefore depends on a credentialed scan having collected that data.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
# End of the description pass; the test logic further down is not reached here.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Preconditions: each failed check ends the run through audit() (from audit.inc)
# with a specific reason, so a host that does not qualify is reported as
# "not applicable" rather than as patched.
# Local (credentialed) checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
# SLED/SLES releases are rejected: this plugin is for openSUSE only.
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
# Only openSUSE Leap 42.2 and 42.3 are covered; any other release string is audited out.
if (release !~ "^(SUSE42\.2|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release);
# Without the collected RPM list there is nothing to compare against.
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
# Coverage gap to keep in mind: only x86_64 is evaluated. A host on any other
# architecture exits here and its Thunderbird packages are never checked.
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
# Package comparison. rpm_check() comes from rpm.inc (not shown); presumably it
# returns true when the named package is installed at a version older than the
# reference build - confirm against rpm.inc. flag counts how many checks hit.
flag = 0;
# openSUSE 42.2: reference build 52.5.0-41.21.1 for the main package and each subpackage.
if ( rpm_check(release:"SUSE42.2", reference:"MozillaThunderbird-52.5.0-41.21.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"MozillaThunderbird-buildsymbols-52.5.0-41.21.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"MozillaThunderbird-debuginfo-52.5.0-41.21.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"MozillaThunderbird-debugsource-52.5.0-41.21.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"MozillaThunderbird-devel-52.5.0-41.21.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"MozillaThunderbird-translations-common-52.5.0-41.21.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"MozillaThunderbird-translations-other-52.5.0-41.21.1") ) flag++;
# openSUSE 42.3: reference build 52.5.0-50.1 for the same set of packages.
if ( rpm_check(release:"SUSE42.3", reference:"MozillaThunderbird-52.5.0-50.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"MozillaThunderbird-buildsymbols-52.5.0-50.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"MozillaThunderbird-debuginfo-52.5.0-50.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"MozillaThunderbird-debugsource-52.5.0-50.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"MozillaThunderbird-devel-52.5.0-50.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"MozillaThunderbird-translations-common-52.5.0-50.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"MozillaThunderbird-translations-other-52.5.0-50.1") ) flag++;
# Any single hit raises the finding. That includes the debug, devel and translation
# subpackages, so a stale auxiliary package is reported even if the main
# MozillaThunderbird package is current.
if (flag)
{
# With report verbosity above zero the per-package detail from rpm_report_get()
# is attached; otherwise a bare finding is raised on port 0.
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
# No hit: tell apart "packages present but not affected" from "none of the
# packages installed", based on what pkg_tests_get() returns.
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaThunderbird / MozillaThunderbird-buildsymbols / etc");
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | opensuse | mozillathunderbird | p-cpe:/a:novell:opensuse:mozillathunderbird |
novell | opensuse | mozillathunderbird-buildsymbols | p-cpe:/a:novell:opensuse:mozillathunderbird-buildsymbols |
novell | opensuse | mozillathunderbird-debuginfo | p-cpe:/a:novell:opensuse:mozillathunderbird-debuginfo |
novell | opensuse | mozillathunderbird-debugsource | p-cpe:/a:novell:opensuse:mozillathunderbird-debugsource |
novell | opensuse | mozillathunderbird-devel | p-cpe:/a:novell:opensuse:mozillathunderbird-devel |
novell | opensuse | mozillathunderbird-translations-common | p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common |
novell | opensuse | mozillathunderbird-translations-other | p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other |
novell | opensuse | 42.2 | cpe:/o:novell:opensuse:42.2 |
novell | opensuse | 42.3 | cpe:/o:novell:opensuse:42.3 |
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.01 Low
EPSS
Percentile
83.4%