Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ROCKY_LINUX_RLSA-2022-0845.NASL
HistoryNov 06, 2023 - 12:00 a.m.

Rocky Linux 8 : thunderbird (RLSA-2022:0845)

2023-11-0600:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
3
rocky linux 8
thunderbird
rlsa-2022:0845
vulnerabilities
remote code execution
denial of service
sensitive information
nessus scanner
xml parsing
use-after-free
integer overflow
sandbox escape
ipc framework

8.3 High

AI Score

Confidence

Low

JSON

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0845 advisory.

  • It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of- bounds write of one byte when processing the message. This vulnerability affects Thunderbird < 91.6.1.
    (CVE-2022-0566)

  • xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. (CVE-2022-25235)

  • xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. (CVE-2022-25236)

  • In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. (CVE-2022-25315)

  • An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. (CVE-2022-26381)

  • When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
    (CVE-2022-26383)

  • If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. (CVE-2022-26384)

  • Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior was changed to download them to <code>/tmp</code> where they could be affected by other local users. This behavior was reverted to the original, user-specific directory.
    <br>This bug only affects Firefox for macOS and Linux. Other operating systems are unaffected.. This vulnerability affects Firefox ESR < 91.7 and Thunderbird < 91.7. (CVE-2022-26386)

  • When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
    (CVE-2022-26387)

  • Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0. (CVE-2022-26485)

  • An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.
    (CVE-2022-26486)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Rocky Linux Security Advisory RLSA-2022:0845.
##

include('compat.inc');

if (description)
{
  script_id(184749);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/14");

  script_cve_id(
    "CVE-2022-0566",
    "CVE-2022-25235",
    "CVE-2022-25236",
    "CVE-2022-25315",
    "CVE-2022-26381",
    "CVE-2022-26383",
    "CVE-2022-26384",
    "CVE-2022-26386",
    "CVE-2022-26387",
    "CVE-2022-26485",
    "CVE-2022-26486"
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/21");
  script_xref(name:"IAVA", value:"2022-A-0103-S");
  script_xref(name:"RLSA", value:"2022:0845");
  script_xref(name:"IAVA", value:"2022-A-0088-S");

  script_name(english:"Rocky Linux 8 : thunderbird (RLSA-2022:0845)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Rocky Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
RLSA-2022:0845 advisory.

  - It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-
    bounds write of one byte when processing the message. This vulnerability affects Thunderbird < 91.6.1.
    (CVE-2022-0566)

  - xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks
    for whether a UTF-8 character is valid in a certain context. (CVE-2022-25235)

  - xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters
    into namespace URIs. (CVE-2022-25236)

  - In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. (CVE-2022-25315)

  - An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a
    potentially exploitable crash. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and
    Thunderbird < 91.7. (CVE-2022-26381)

  - When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen
    notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
    (CVE-2022-26383)

  - If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not
    <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript
    execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and
    Thunderbird < 91.7. (CVE-2022-26384)

  - Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in
    <code>/tmp</code>, but this behavior was changed to download them to <code>/tmp</code> where they could be
    affected by other local users. This behavior was reverted to the original, user-specific directory.
    <br>*This bug only affects Firefox for macOS and Linux. Other operating systems are unaffected.*. This
    vulnerability affects Firefox ESR < 91.7 and Thunderbird < 91.7. (CVE-2022-26386)

  - When installing an add-on, Firefox verified the signature before prompting the user; but while the user
    was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have
    noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
    (CVE-2022-26387)

  - Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had
    reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR
    < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0. (CVE-2022-26485)

  - An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox
    escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox <
    97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.
    (CVE-2022-26486)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://errata.rockylinux.org/RLSA-2022:0845");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2055591");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2056363");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2056366");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2056370");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2061735");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2061736");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2062220");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2062221");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2062222");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2062223");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2062224");
  script_set_attribute(attribute:"solution", value:
"Update the affected thunderbird, thunderbird-debuginfo and / or thunderbird-debugsource packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-25315");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/03/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:thunderbird");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:thunderbird-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:thunderbird-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rocky:linux:8");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Rocky Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RockyLinux/release", "Host/RockyLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RockyLinux/release');
if (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');
var os_ver = pregmatch(pattern: "Rocky(?: Linux)? release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);

if (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);

var pkgs = [
    {'reference':'thunderbird-91.7.0-2.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
    {'reference':'thunderbird-91.7.0-2.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
    {'reference':'thunderbird-debuginfo-91.7.0-2.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
    {'reference':'thunderbird-debuginfo-91.7.0-2.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
    {'reference':'thunderbird-debugsource-91.7.0-2.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
    {'reference':'thunderbird-debugsource-91.7.0-2.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird / thunderbird-debuginfo / thunderbird-debugsource');
}
VendorProductVersionCPE
rockylinuxthunderbirdp-cpe:/a:rocky:linux:thunderbird
rockylinuxthunderbird-debuginfop-cpe:/a:rocky:linux:thunderbird-debuginfo
rockylinuxthunderbird-debugsourcep-cpe:/a:rocky:linux:thunderbird-debugsource
rockylinux8cpe:/o:rocky:linux:8

References

Related

osv 14
rocky 2
nessus 65
almalinux 2
openvas 49
redhat 15
oraclelinux 5
centos 2
amazon 1
mageia 4
debian 8
kaspersky 6
altlinux 3
redos 3
mozilla 3
suse 4
slackware 2
ibm 3
ubuntu 4
f5 1
malwarebytes 1
hivepro 1
thn 1
osv
osv
Important: thunderbird security update
2022-03-14 09:49:10
Important: thunderbird security update
2022-03-14 09:49:10
Critical: firefox security update
2022-03-10 14:36:51
rocky
rocky
thunderbird security update
2022-03-14 09:49:10
firefox security update
2022-03-10 14:36:51
nessus
nessus
RHEL 8 : thunderbird (RHSA-2022:0845)
2022-03-15 00:00:00
RHEL 8 : thunderbird (RHSA-2022:0853)
2022-03-15 00:00:00
RHEL 8 : thunderbird (RHSA-2022:0847)
2022-03-15 00:00:00
almalinux
almalinux
Important: thunderbird security update
2022-03-14 09:49:10
Critical: firefox security update
2022-03-10 14:36:51
openvas
openvas
CentOS: Security Advisory for thunderbird (CESA-2022:0850)
2022-03-30 00:00:00
CentOS: Security Advisory for firefox (CESA-2022:0824)
2022-03-30 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:14906-1)
2022-03-12 00:00:00
redhat
redhat
(RHSA-2022:0843) Important: thunderbird security update
2022-03-14 09:41:27
(RHSA-2022:0853) Important: thunderbird security update
2022-03-14 09:58:05
(RHSA-2022:0845) Important: thunderbird security update
2022-03-14 09:49:10
oraclelinux
oraclelinux
thunderbird security update
2022-03-14 00:00:00
thunderbird security update
2022-03-14 00:00:00
firefox security update
2022-03-10 00:00:00
centos
centos
thunderbird security update
2022-03-29 13:54:14
firefox security update
2022-03-29 13:53:09
amazon
amazon
Important: thunderbird
2022-04-25 22:56:00
mageia
mageia
Updated firefox packages fix security vulnerabilities
2022-03-08 21:10:44
Updated thunderbird packages fix security vulnerabilities
2022-03-11 11:51:47
Updated thunderbird packages fix security vulnerabilities
2022-03-08 21:56:13
debian
debian
[SECURITY] [DLA 2961-1] thunderbird security update
2022-03-22 08:54:47
[SECURITY] [DLA 2942-1] firefox-esr security update
2022-03-10 08:20:59
[SECURITY] [DSA 5106-1] thunderbird security update
2022-03-21 19:40:07
kaspersky
kaspersky
KLA12472 Multiple vulnerabilities in Mozilla Firefox ESR
2022-03-08 00:00:00
KLA12484 Multiple vulnerabilities in Mozilla Thunderbird
2022-03-08 00:00:00
KLA12471 Multiple vulnerabilities in Mozilla Firefox
2022-03-08 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 91.7.0-alt1
2022-03-15 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 91.7.0-alt1
2022-03-15 00:00:00
Security fix for the ALT Linux 10 package firefox-esr version 91.6.1-alt1
2022-03-11 00:00:00
redos
redos
ROS-20220322-01
2022-03-22 00:00:00
ROS-20220314-01
2022-03-14 00:00:00
ROS-20220309-02
2022-03-09 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 91.7 — Mozilla
2022-03-08 00:00:00
Security Vulnerabilities fixed in Thunderbird 91.7 — Mozilla
2022-03-08 00:00:00
Security Vulnerabilities fixed in Firefox 98 — Mozilla
2022-03-08 00:00:00
suse
suse
Security update for MozillaThunderbird (important)
2022-03-21 00:00:00
Security update for MozillaFirefox (important)
2022-03-14 00:00:00
Security update for MozillaThunderbird (important)
2022-03-10 00:00:00
slackware
slackware
[slackware-security] mozilla-thunderbird
2022-03-10 02:35:43
[slackware-security] mozilla-firefox
2022-03-05 20:04:04
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server shipped in IBM WebSphere Application Server Patterns due to Expat vulnerabilities
2022-04-29 19:27:25
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server due to Expat vulnerabilities
2022-03-15 15:35:35
Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server
2022-03-08 21:40:46
ubuntu
ubuntu
Firefox vulnerabilities
2022-03-17 00:00:00
Firefox regressions
2022-03-24 00:00:00
Firefox vulnerabilities
2022-03-10 00:00:00
f5
f5
K19473898 : Expat vulnerabilities CVE-2022-23852, CVE-2022-25235, CVE-2022-25236, and CVE-2022-25315
2022-04-30 00:00:00
malwarebytes
malwarebytes
Update now! Mozilla patches two actively exploited vulnerabilities
2022-03-07 20:25:18
hivepro
hivepro
Mozilla release Security Advisories for multiple vulnerabilities affecting Firefox and Firefox ESR
2022-03-10 06:21:31
thn
thn
2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP!
2022-03-07 04:21:00

8.3 High

AI Score

Confidence

Low

JSON
Related for ROCKY_LINUX_RLSA-2022-0845.NASL
osv14rocky2nessus65almalinux2openvas49redhat15oraclelinux5centos2amazon1mageia4debian8kaspersky6altlinux3redos3mozilla3suse4slackware2ibm3ubuntu4f51malwarebytes1hivepro1thn1