Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2019-4148.NASLHistoryDec 12, 2019 - 12:00 a.m.
RHEL 7 : thunderbird (RHSA-2019:4148)
2019-12-1200:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
29
9.4 High
AI Score
Confidence
High
An update for thunderbird is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 68.3.0.
Security Fix(es) :
-
Mozilla: Use-after-free in worker destruction (CVE-2019-17008)
-
Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)
-
Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)
-
Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)
-
Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2019:4148. The text
# itself is copyright (C) Red Hat, Inc.
#
include('compat.inc');
if (description)
{
script_id(131977);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/04");
script_cve_id(
"CVE-2019-17005",
"CVE-2019-17008",
"CVE-2019-17010",
"CVE-2019-17011",
"CVE-2019-17012"
);
script_xref(name:"RHSA", value:"2019:4148");
script_name(english:"RHEL 7 : thunderbird (RHSA-2019:4148)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"An update for thunderbird is now available for Red Hat Enterprise
Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 68.3.0.
Security Fix(es) :
* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)
* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
(CVE-2019-17012)
* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)
* Mozilla: Use-after-free when performing device orientation checks
(CVE-2019-17010)
* Mozilla: Use-after-free when retrieving a document in antitracking
(CVE-2019-17011)
For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section.");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2019:4148");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-17005");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-17008");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-17010");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-17011");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-17012");
script_set_attribute(attribute:"solution", value:
"Update the affected thunderbird and / or thunderbird-debuginfo
packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-17012");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/08");
script_set_attribute(attribute:"patch_publication_date", value:"2019/12/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:thunderbird");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2019:4148";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"thunderbird-68.3.0-1.el7_7", allowmaj:TRUE)) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"thunderbird-debuginfo-68.3.0-1.el7_7", allowmaj:TRUE)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird / thunderbird-debuginfo");
}
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | thunderbird | p-cpe:/a:redhat:enterprise_linux:thunderbird |
| redhat | enterprise_linux | thunderbird-debuginfo | p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo |
| redhat | enterprise_linux | 7 | cpe:/o:redhat:enterprise_linux:7 |
| redhat | enterprise_linux | 7.7 | cpe:/o:redhat:enterprise_linux:7.7 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17005
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17008
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17010
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17011
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17012
access.redhat.com/errata/RHSA-2019:4148
access.redhat.com/security/cve/cve-2019-17005
access.redhat.com/security/cve/cve-2019-17008
access.redhat.com/security/cve/cve-2019-17010
access.redhat.com/security/cve/cve-2019-17011
access.redhat.com/security/cve/cve-2019-17012
www.mozilla.org/en-US/security/advisories/mfsa2019-38/
Related
nessus
nessus
Oracle Linux 8 : thunderbird (ELSA-2019-4195)
2019-12-12 00:00:00
RHEL 6 : firefox (RHSA-2019:4108)
2019-12-06 00:00:00
RHEL 6 : thunderbird (RHSA-2019:4205)
2019-12-12 00:00:00
redhat
redhat
(RHSA-2019:4148) Important: thunderbird security update
2019-12-10 10:00:29
(RHSA-2019:4205) Important: thunderbird security update
2019-12-11 09:58:37
(RHSA-2019:4195) Important: thunderbird security update
2019-12-10 19:09:15
centos
centos
thunderbird security update
2019-12-24 15:58:02
firefox security update
2019-12-11 17:42:55
firefox security update
2019-12-24 15:58:51
osv
osv
firefox-esr - security update
2019-12-10 00:00:00
firefox-esr - security update
2019-12-09 00:00:00
thunderbird - security update
2019-12-16 00:00:00
openvas
openvas
CentOS Update for firefox CESA-2019:4107 centos7
2020-01-08 00:00:00
CentOS Update for thunderbird CESA-2019:4148 centos7
2020-01-08 00:00:00
Debian: Security Advisory (DLA-2029-1)
2019-12-11 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2020-07-07 00:00:00
thunderbird security update
2019-12-11 00:00:00
firefox security update
2019-12-06 00:00:00
debian
debian
[SECURITY] [DSA 4580-1] firefox-esr security update
2019-12-09 19:59:41
[SECURITY] [DLA 2029-1] firefox-esr security update
2019-12-10 13:16:02
[SECURITY] [DLA 2036-1] thunderbird security update
2019-12-16 12:25:29
amazon
amazon
Important: thunderbird
2020-01-14 20:08:00
archlinux
archlinux
[ASA-201912-2] thunderbird: arbitrary code execution
2019-12-06 00:00:00
[ASA-201912-1] firefox: multiple issues
2019-12-03 00:00:00
mageia
mageia
Updated firefox packages fix security vulnerabilities
2019-12-08 21:12:18
Updated thunderbird packages fix security vulnerabilities
2019-12-08 21:12:18
ibm
ibm
suse
suse
Security update for MozillaThunderbird (important)
2020-01-09 00:00:00
Security update for MozillaFirefox (important)
2020-01-09 00:00:00
kaspersky
kaspersky
KLA11612 Multiple vulnerabilities in Mozilla Firefox ESR
2019-12-03 00:00:00
KLA11613 Multiple vulnerabilities in Mozilla Thunderbird
2019-11-09 00:00:00
KLA11611 Multiple vulnerabilities in Mozilla Firefox
2019-12-03 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 68.3.0-alt1
2019-12-05 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 68.3.1-alt1
2019-12-23 00:00:00
slackware
slackware
[slackware-security] mozilla-firefox
2019-12-03 19:30:37
mozilla
mozilla
Security Vulnerabilities fixed in - Firefox ESR 68.3 — Mozilla
2019-12-03 00:00:00
Security Vulnerabilities fixed in - Thunderbird 68.3 — Mozilla
2019-12-03 00:00:00
Security Vulnerabilities fixed in - Firefox 71 — Mozilla
2019-12-03 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2019-12-13 00:00:00
Firefox vulnerabilities
2019-12-09 00:00:00
Thunderbird vulnerabilities
2020-01-16 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-12-06 00:16:44
Denial Of Service (DoS)
2019-12-06 00:16:42
Denial Of Service (DoS)
2019-12-06 00:16:43
redhatcve
redhatcve
prion
prion
Design/Logic Flaw
2020-01-08 22:15:00
Race condition
2020-01-08 22:15:00
Design/Logic Flaw
2020-01-08 22:15:00
cve
cve
alpinelinux
alpinelinux
debiancve
debiancve
ubuntucve
ubuntucve
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2020-03-12 00:00:00
Mozilla Thunderbird: Multiple vulnerabilities
2020-03-14 00:00:00