| Reporter | Title | Published | Views | Family All 755 |
|---|---|---|---|---|
| CVE-2025-13017 | 11 Nov 202515:47 | – | attackerkb | |
| CVE-2025-13012 | 11 Nov 202515:47 | – | attackerkb | |
| CVE-2025-13018 | 11 Nov 202515:47 | – | attackerkb | |
| CVE-2025-13014 | 11 Nov 202515:47 | – | attackerkb | |
| CVE-2025-13016 | 11 Nov 202515:47 | – | attackerkb | |
| CVE-2025-13013 | 11 Nov 202515:47 | – | attackerkb | |
| CVE-2025-13019 | 11 Nov 202515:47 | – | attackerkb | |
| CVE-2025-13020 | 11 Nov 202515:47 | – | attackerkb | |
| CVE-2025-13015 | 11 Nov 202515:47 | – | attackerkb | |
| Amazon Linux 2023 : firefox (ALAS2023-2025-1298) | 9 Dec 202500:00 | – | nessus |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# openSUSE Security Update openSUSE-SU-2026:20002-1. The text itself
# is copyright (C) SUSE.
##
include('compat.inc');
if (description)
{
script_id(281638);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/04");
script_cve_id(
"CVE-2025-13012",
"CVE-2025-13013",
"CVE-2025-13014",
"CVE-2025-13015",
"CVE-2025-13016",
"CVE-2025-13017",
"CVE-2025-13018",
"CVE-2025-13019",
"CVE-2025-13020"
);
script_name(english:"openSUSE 16 Security Update : MozillaThunderbird (openSUSE-SU-2026:20002-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the
openSUSE-SU-2026:20002-1 advisory.
Changes in MozillaThunderbird:
Mozilla Thunderbird 140.5.0 ESR
MFSA 2025-91 (bsc#1253188):
* CVE-2025-13012
Race condition in the Graphics component
* CVE-2025-13016
Incorrect boundary conditions in the JavaScript: WebAssembly
component
* CVE-2025-13017
Same-origin policy bypass in the DOM: Notifications component
* CVE-2025-13018
Mitigation bypass in the DOM: Security component
* CVE-2025-13019
Same-origin policy bypass in the DOM: Workers component
* CVE-2025-13013
Mitigation bypass in the DOM: Core & HTML component
* CVE-2025-13020
Use-after-free in the WebRTC: Audio/Video component
* CVE-2025-13014
Use-after-free in the Audio/Video component
* CVE-2025-13015
Spoofing issue in Thunderbird
* fixed: Could not drag and drop ICS file to Today Pane
* fixed: With Thunderbird closed, clicking a 'mailto:' link to
send signed message failed
* fixed: Upgrade from 128.x->140.x broke authentication for
@att.net using Yahoo backend
Mozilla Thunderbird 140.4.0 ESR
* Account Hub is now disabled by default for second email account
* Users could not read mail signed with OpenPGP v6 and PQC keys
* Image preview in Insert Image dialog failed with CSP error for web resources
* Emptying trash on exit did not work with some providers
* Thunderbird could crash when applying filters
* Users were unable to override expired mail server certificate
* Opening Website header link in RSS feed incorrectly re-encoded
URL parameters
Mozilla Thunderbird 140.3.1 ESR:
* several bugfixes listed here
https://www.thunderbird.net/en-US/thunderbird/140.3.1esr/releasenotes
-------------------------------------------------------------------
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1253188");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2025-13012");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2025-13013");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2025-13014");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2025-13015");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2025-13016");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2025-13017");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2025-13018");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2025-13019");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2025-13020");
script_set_attribute(attribute:"solution", value:
"Update the affected MozillaThunderbird, MozillaThunderbird-openpgp-librnp, MozillaThunderbird-translations-common and /
or MozillaThunderbird-translations-other packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-13020");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/11/11");
script_set_attribute(attribute:"patch_publication_date", value:"2026/01/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/04");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-openpgp-librnp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:16.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/SuSE/release');
if (isnull(os_release) || os_release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, 'openSUSE');
var _os_ver = pregmatch(pattern: "^SUSE([\d.]+)", string:os_release);
if (isnull(_os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');
_os_ver = _os_ver[1];
if (os_release !~ "^(SUSE16\.0)$") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '16.0', os_release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + _os_ver, cpu);
var pkgs = [
{'reference':'MozillaThunderbird-140.5.0-bp160.1.1', 'release':'SUSE16.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'MozillaThunderbird-openpgp-librnp-140.5.0-bp160.1.1', 'release':'SUSE16.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'MozillaThunderbird-translations-common-140.5.0-bp160.1.1', 'release':'SUSE16.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'MozillaThunderbird-translations-other-140.5.0-bp160.1.1', 'release':'SUSE16.0', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var _cpu = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (rpm_check(release:_release, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaThunderbird / MozillaThunderbird-openpgp-librnp / etc');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation