Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2023 Greenbone AGOPENVAS:1361412562310832101
HistoryMar 31, 2023 - 12:00 a.m.

Mozilla Thunderbird Security Advisory (MFSA2023-12) - Mac OS X

2023-03-3100:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
2

8.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.2%

JSON

Thunderbird vulnerable to denial-of-service vulnerability.

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:mozilla:thunderbird";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.832101");
  script_version("2024-02-15T05:05:40+0000");
  script_cve_id("CVE-2023-28427");
  script_tag(name:"cvss_base", value:"8.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:C");
  script_tag(name:"last_modification", value:"2024-02-15 05:05:40 +0000 (Thu, 15 Feb 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-04-07 12:37:00 +0000 (Fri, 07 Apr 2023)");
  script_tag(name:"creation_date", value:"2023-03-31 12:54:16 +0530 (Fri, 31 Mar 2023)");
  script_name("Mozilla Thunderbird Security Advisory (MFSA2023-12) - Mac OS X");

  script_tag(name:"summary", value:"Thunderbird vulnerable to denial-of-service vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present
  on the target host.");

  script_tag(name:"insight", value:"The flaw exists due to error in the handling
  of Matrix SDK bundled with Thunderbird.");

  script_tag(name:"impact", value:"Successful exploitation allow attackers to
  execute arbitrary code and cause denial of service condition.");

  script_tag(name:"affected", value:"Mozilla Thunderbird version before 102.9.1 on Mac OS X.");

  script_tag(name:"solution", value:"Upgrade to Mozilla Thunderbird version 102.9.1
  or later, Please see the references for more information.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"executable_version");
  script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2023-12/");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("General");
  script_dependencies("gb_mozilla_prdts_detect_macosx.nasl");
  script_mandatory_keys("Thunderbird/MacOSX/Version");
  exit(0);
}
include("host_details.inc");
include("version_func.inc");

if( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE ) ) exit( 0 );
tbVer = infos['version'];
tbPath = infos['location'];

if(version_is_less(version:tbVer, test_version:"102.9.1"))
{
  report = report_fixed_ver(installed_version:tbVer, fixed_version:"102.9.1", install_path:tbPath);
  security_message(data:report);
  exit(0);
}

Related

nessus 29
kaspersky 1
mageia 1
veracode 1
mozilla 1
osv 8
cvelist 1
prion 1
alpinelinux 1
slackware 1
debiancve 1
openvas 6
ubuntucve 1
cve 1
redhatcve 1
freebsd 1
github 1
oraclelinux 3
debian 2
rocky 2
redhat 8
almalinux 2
centos 1
gentoo 1
nessus
nessus
Fedora 36 : thunderbird (2023-0e1ae0d5f6)
2023-04-14 00:00:00
Fedora 38 : thunderbird (2023-a9c17dff60)
2023-04-04 00:00:00
Mozilla Thunderbird < 102.9.1
2023-03-29 00:00:00
kaspersky
kaspersky
KLA48708 DoS vulnerability in Mozilla Thunderbird
2023-03-28 00:00:00
mageia
mageia
Updated thunderbird packages fix security vulnerability
2023-04-11 22:02:20
veracode
veracode
Prototype Pollution
2023-04-04 09:55:51
mozilla
mozilla
Security Vulnerabilities fixed in Thunderbird 102.9.1 — Mozilla
2023-03-28 00:00:00
osv
osv
CVE-2023-28427
2023-03-28 21:15:11
Prototype pollution in matrix-js-sdk (part 2)
2023-03-30 20:19:18
Important: thunderbird security update
2023-04-17 00:00:00
cvelist
cvelist
CVE-2023-28427 Prototype pollution in matrix-js-sdk
2023-03-28 20:32:22
prion
prion
Design/Logic Flaw
2023-03-28 21:15:00
alpinelinux
alpinelinux
CVE-2023-28427
2023-03-28 21:15:11
slackware
slackware
[slackware-security] mozilla-thunderbird
2023-03-29 21:19:17
debiancve
debiancve
CVE-2023-28427
2023-03-28 21:15:11
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0132)
2023-04-12 00:00:00
Slackware: Security Advisory (SSA:2023-088-01)
2023-03-30 00:00:00
Mozilla Thunderbird Security Advisory (MFSA2023-12) - Windows
2023-03-31 00:00:00
ubuntucve
ubuntucve
CVE-2023-28427
2023-03-28 00:00:00
cve
cve
CVE-2023-28427
2023-03-28 21:15:11
redhatcve
redhatcve
CVE-2023-28427
2023-03-30 17:43:02
freebsd
freebsd
Matrix clients -- Prototype pollution in matrix-js-sdk
2023-03-28 00:00:00
github
github
Prototype pollution in matrix-js-sdk (part 2)
2023-03-30 20:19:18
oraclelinux
oraclelinux
thunderbird security update
2023-04-18 00:00:00
thunderbird security update
2023-04-18 00:00:00
thunderbird security update
2023-04-18 00:00:00
debian
debian
[SECURITY] [DLA 3400-1] thunderbird security update
2023-04-24 08:55:37
[SECURITY] [DSA 5392-1] thunderbird security update
2023-04-22 16:11:22
rocky
rocky
thunderbird security update
2023-04-26 15:29:00
thunderbird security update
2023-04-26 15:28:13
redhat
redhat
(RHSA-2023:1804) Important: thunderbird security update
2023-04-17 13:44:12
(RHSA-2023:1810) Important: thunderbird security update
2023-04-17 13:55:45
(RHSA-2023:1805) Important: thunderbird security update
2023-04-17 13:45:46
almalinux
almalinux
Important: thunderbird security update
2023-04-17 00:00:00
Important: thunderbird security update
2023-04-17 00:00:00
centos
centos
thunderbird security update
2023-04-24 14:49:28
gentoo
gentoo
Mozilla Thunderbird: Multiple Vulnerabilities
2023-05-30 00:00:00

8.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.2%

JSON
Related for OPENVAS:1361412562310832101
nessus29kaspersky1mageia1veracode1mozilla1osv8cvelist1prion1alpinelinux1slackware1debiancve1openvas6ubuntucve1cve1redhatcve1freebsd1github1oraclelinux3debian2rocky2redhat8almalinux2centos1gentoo1