Mozilla < 1.7.3 / Thunderbird < 0.8 Multiple Vulnerabilities

2004-09-1500:00:00

www.tenable.com

The remote host is using Mozilla and/or Thunderbird, an alternative mail user agent.

The remote version of this software is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host.

To exploit these flaws, an attacker would need to send a rogue email to a victim on the remote host.

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if(description)
{
 script_id(14729);
 script_version("1.20");
 script_cve_id("CVE-2004-0902", "CVE-2004-0903", "CVE-2004-0904");
 script_bugtraq_id(11174, 11171, 11170);

 script_name(english:"Mozilla < 1.7.3 / Thunderbird < 0.8 Multiple Vulnerabilities");

 script_set_attribute(attribute:"synopsis", value:
"The remote host has an application that is affected by 
multiple flaws." );
 script_set_attribute(attribute:"description", value:
"The remote host is using Mozilla and/or Thunderbird, an 
alternative mail user agent.

The remote version of this software is vulnerable to 
several flaws that could allow an attacker to execute 
arbitrary code on the remote host.

To exploit these flaws, an attacker would need to send a 
rogue email to a victim on the remote host." );
 script_set_attribute(attribute:"solution", value:
"Upgrade to Mozilla 1.7.3 or Thunderbird 0.8 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/15");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/08/29");
 script_cvs_date("Date: 2018/08/22 16:49:14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe",value:"cpe:/a:mozilla:mozilla");
script_set_attribute(attribute:"cpe",value:"cpe:/a:mozilla:thunderbird");
script_end_attributes();

 script_summary(english:"Determines the version of Mozilla");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
 script_family(english:"Windows");
 script_dependencies("mozilla_org_installed.nasl");
 script_require_keys("Mozilla/Thunderbird/Version");
 exit(0);
}

#

include("misc_func.inc");


ver = read_version_in_kb("Mozilla/Version");
if (!isnull(ver))
{
  if (
    ver[0] < 1 ||
    (
      ver[0] == 1 &&
      (
        ver[1] < 7 ||
        (ver[1] == 7 && ver[2] < 3)
      )
    )
  )  security_hole(get_kb_item("SMB/transport"));
}

ver = read_version_in_kb("Mozilla/Thunderbird/Version");
if (!isnull(ver))
{
  if (ver[0] == 0 && ver[1] < 8)
    security_hole(get_kb_item("SMB/transport"));
}

VendorProductVersionCPE
mozillamozillacpe:/a:mozilla:mozilla
mozillathunderbirdcpe:/a:mozilla:thunderbird

Vendor	Product	Version	CPE
mozilla	mozilla		cpe:/a:mozilla:mozilla
mozilla	thunderbird		cpe:/a:mozilla:thunderbird

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0902

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0903

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0904

JSON

Related for THUNDERBIRD_MULTIPLE_FLAWS.NASL