Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2015 Greenbone AGOPENVAS:1361412562310805914
HistoryJul 09, 2015 - 12:00 a.m.

Mozilla Thunderbird Multiple Vulnerabilities-01 (Jul 2015) - Mac OS X

2015-07-0900:00:00
Copyright (C) 2015 Greenbone AG
plugins.openvas.org
41

5.5 Medium

AI Score

Confidence

Low

0.974 High

EPSS

Percentile

99.9%

JSON

Mozilla Thunderbird is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:mozilla:thunderbird";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.805914");
  script_version("2024-02-09T05:06:25+0000");
  script_cve_id("CVE-2015-2740", "CVE-2015-2739", "CVE-2015-2738", "CVE-2015-2737",
                "CVE-2015-2736", "CVE-2015-2735", "CVE-2015-2734", "CVE-2015-2724",
                "CVE-2015-2721", "CVE-2015-2725", "CVE-2015-2741", "CVE-2015-2731",
                "CVE-2015-4000");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-02-09 05:06:25 +0000 (Fri, 09 Feb 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2021-01-20 15:15:00 +0000 (Wed, 20 Jan 2021)");
  script_tag(name:"creation_date", value:"2015-07-09 13:45:29 +0530 (Thu, 09 Jul 2015)");
  script_name("Mozilla Thunderbird Multiple Vulnerabilities-01 (Jul 2015) - Mac OS X");

  script_tag(name:"summary", value:"Mozilla Thunderbird is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Multiple flaws exist due to:

  - Buffer overflow error in the 'nsXMLHttpRequest::AppendToResponseText' function.

  - An error in the 'rx::d3d11::SetBufferData' function in the Direct3D 11
  implementation.

  - An error in the 'YCbCrImageDataDeserializer::ToDataSourceSurface' function
  in the YCbCr implementation.

  - An error in 'ArrayBufferBuilder::append' function.

  - An error in the 'CairoTextureClientD3D9::BorrowDrawTarget' function in the
  Direct3D 9 implementation.

  - An error in 'nsZipArchive::BuildFileList' function.

  - Unspecified error in nsZipArchive.cpp script.

  - Multiple unspecified memory related errors.

  - Multiple errors within Network Security Services (NSS).

  - An use-after-free vulnerabilities.

  - An overridable error allowing for skipping pinning checks.");

  script_tag(name:"impact", value:"Successful exploitation will allow remote
  attackers to execute arbitrary code, obtain sensitive information, conduct
  man-in-the-middle attack, conduct denial-of-service attack and other
  unspecified impacts.");

  script_tag(name:"affected", value:"Mozilla Thunderbird before version 38.1
  on Mac OS X");

  script_tag(name:"solution", value:"Upgrade to Mozilla Thunderbird version
  38.1 or later.");

  script_tag(name:"solution_type", value:"VendorFix");

  script_tag(name:"qod_type", value:"registry");

  script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/75541");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74733");
  script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-67");
  script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-70");
  script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-63");
  script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-71");
  script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-59");

  script_copyright("Copyright (C) 2015 Greenbone AG");
  script_category(ACT_GATHER_INFO);
  script_family("General");
  script_dependencies("gb_mozilla_prdts_detect_macosx.nasl");
  script_mandatory_keys("Thunderbird/MacOSX/Version");
  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if(!vers = get_app_version(cpe:CPE))
  exit(0);

if(version_is_less(version:vers, test_version:"38.1"))
{
  report = 'Installed version: ' + vers + '\n' +
           'Fixed version:     38.1\n';
  security_message(data:report);
  exit(0);
}

Related

nessus 41
openvas 38
redhat 3
centos 3
oraclelinux 2
ubuntu 3
debian 2
archlinux 2
mageia 3
mozilla 5
osv 2
veracode 18
suse 5
freebsd 1
securityvulns 1
ibm 20
ubuntucve 12
cvelist 12
prion 12
cve 12
debiancve 1
atlassian 1
nessus
nessus
Mozilla Thunderbird < 38.1 Multiple Vulnerabilities (Mac OS X) (Logjam)
2015-07-07 00:00:00
Mozilla Thunderbird < 38.1 Multiple Vulnerabilities (Logjam)
2015-07-07 00:00:00
RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:1455)
2015-07-21 00:00:00
openvas
openvas
Mozilla Thunderbird Multiple Vulnerabilities-01 (Jul 2015) - Windows
2015-07-08 00:00:00
RedHat Update for thunderbird RHSA-2015:1455-01
2015-07-21 00:00:00
Debian Security Advisory DSA 3324-1 (icedove - security update)
2015-08-01 00:00:00
redhat
redhat
(RHSA-2015:1455) Important: thunderbird security update
2015-07-20 00:00:00
(RHSA-2015:1207) Critical: firefox security update
2015-07-02 00:00:00
(RHSA-2015:1185) Moderate: nss security update
2015-06-25 00:00:00
centos
centos
thunderbird security update
2015-07-20 18:55:36
firefox security update
2015-07-06 14:50:33
nss security update
2015-06-25 10:23:56
oraclelinux
oraclelinux
thunderbird security update
2015-07-20 00:00:00
firefox security update
2015-07-03 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2015-07-20 00:00:00
Firefox vulnerabilities
2015-07-09 00:00:00
Firefox vulnerabilities
2015-07-15 00:00:00
debian
debian
[SECURITY] [DSA 3324-1] icedove security update
2015-08-01 17:10:07
[SECURITY] [DSA 3300-1] iceweasel security update
2015-07-03 22:06:38
archlinux
archlinux
thunderbird: multiple issues
2015-07-11 00:00:00
firefox: multiple issues
2015-07-03 00:00:00
mageia
mageia
Updated thunderbird package fixes security vulnerabilities
2015-07-27 20:18:02
Updated firefox package fixes security vulnerability
2015-07-05 20:22:03
Updated filezilla package fixes security vulnerability
2015-07-05 20:22:03
mozilla
mozilla
Vulnerabilities found through code inspection — Mozilla
2015-07-02 00:00:00
Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1) — Mozilla
2015-07-02 00:00:00
Key pinning is ignored when overridable errors are encountered — Mozilla
2015-07-02 00:00:00
osv
osv
iceweasel - security update
2015-07-04 00:00:00
nss - security update
2016-06-07 00:00:00
veracode
veracode
Buffer Overflow
2019-05-02 05:40:24
Out-of-bounds Read
2019-05-02 05:40:22
Buffer Overflow
2019-05-02 05:40:23
suse
suse
Security update for MozillaFirefox, mozilla-nss (important)
2015-07-13 11:07:56
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)
2015-07-20 12:09:44
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)
2015-07-20 12:08:39
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-07-02 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-07-13 00:00:00
ibm
ibm
Security Bulletin: Mozilla Firefox vulnerability issues in IBM SONAS
2018-06-18 00:09:55
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox in IBM Storwize V7000 Unified
2018-06-18 00:09:54
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Rational Application Developer for WebSphere (CVE-2015-4000)
2020-02-05 00:09:48
ubuntucve
ubuntucve
CVE-2015-2741
2015-07-05 00:00:00
CVE-2015-2740
2015-07-05 00:00:00
CVE-2015-2736
2015-07-05 00:00:00
cvelist
cvelist
CVE-2015-2736
2015-07-06 01:00:00
CVE-2015-2738
2015-07-06 01:00:00
CVE-2015-2741
2015-07-06 01:00:00
prion
prion
Buffer overflow
2015-07-06 02:01:00
Design/Logic Flaw
2015-07-06 02:01:00
Design/Logic Flaw
2015-07-06 02:01:00
cve
cve
CVE-2015-2738
2015-07-06 02:01:00
CVE-2015-2741
2015-07-06 02:01:00
CVE-2015-2735
2015-07-06 02:01:00
debiancve
debiancve
CVE-2015-2721
2015-07-06 02:00:00
atlassian
atlassian
Update Java version bundled found in the installer to a version >= 1.8u51
2015-07-15 01:43:18

5.5 Medium

AI Score

Confidence

Low

0.974 High

EPSS

Percentile

99.9%

JSON
Related for OPENVAS:1361412562310805914
nessus41openvas38redhat3centos3oraclelinux2ubuntu3debian2archlinux2mageia3mozilla5osv2veracode18suse5freebsd1securityvulns1ibm20ubuntucve12cvelist12prion12cve12debiancve1atlassian1