| Source | Link |
|---|---|
| bugzilla | www.bugzilla.opensuse.org/show_bug.cgi |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2021-93.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('compat.inc');
if (description)
{
script_id(145288);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/26");
script_cve_id("CVE-2020-16044");
script_name(english:"openSUSE Security Update : MozillaThunderbird (openSUSE-2021-93)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
script_set_attribute(attribute:"description", value:
"This update for MozillaThunderbird fixes the following issues :
- Mozilla Thunderbird 78.6.1
- changed: MailExtensions: browserAction, composeAction,
and messageDisplayAction toolbar buttons now support
label and default_label properties (bmo#1583478)
- fixed: Running a quicksearch that returned no results
did not offer to re-run as a global search (bmo#1663153)
- fixed: Message search toolbar fixes (bmo#1681010)
- fixed: Very long subject lines distorted the message
compose and display windows, making them unusable
(bmo#77806)
- fixed: Compose window: Recipient addresses that had not
yet been autocompleted were lost when clicking Send
button (bmo#1674054)
- fixed: Compose window: New message is no longer marked
as 'changed' just from tabbing out of the recipient
field without editing anything (bmo#1681389)
- fixed: Account autodiscover fixes when using MS Exchange
servers (bmo#1679759)
- fixed: LDAP address book stability fix (bmo#1680914)
- fixed: Messages with invalid vcard attachments were not
marked as read when viewed in the preview window
(bmo#1680468)
- fixed: Chat: Could not add TLS certificate exceptions
for XMPP connections (bmo#1590471)
- fixed: Calendar: System timezone was not always properly
detected (bmo#1678839)
- fixed: Calendar: Descriptions were sometimes blank when
editing a single occurrence of a repeating event
(bmo#1664731)
- fixed: Various printing bugfixes (bmo#1676166)
- fixed: Visual consistency and theme improvements
(bmo#1682808) MFSA 2021-02 (bsc#1180623)
- CVE-2020-16044 (bmo#1683964) Use-after-free write when
handling a malicious COOKIE-ECHO SCTP chunk
This update was imported from the SUSE:SLE-15:Update update project.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1180623");
script_set_attribute(attribute:"solution", value:
"Update the affected MozillaThunderbird packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-16044");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/02/09");
script_set_attribute(attribute:"patch_publication_date", value:"2021/01/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/01/25");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE15.2", reference:"MozillaThunderbird-78.6.1-lp152.2.26.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"MozillaThunderbird-debuginfo-78.6.1-lp152.2.26.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"MozillaThunderbird-debugsource-78.6.1-lp152.2.26.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"MozillaThunderbird-translations-common-78.6.1-lp152.2.26.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"MozillaThunderbird-translations-other-78.6.1-lp152.2.26.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaThunderbird / MozillaThunderbird-debuginfo / etc");
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation