Lucene search

openSUSE: Security Advisory for MozillaThunderbird (SUSE-SU-2023:3059-1)

openSUSE Security Advisory for MozillaThunderbird package update to version 115.0.1 fixing vulnerabilities CVE-2023-3417 and CVE-2023-3600 and multiple bugfixes

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 199
OpenVAS	Mozilla Thunderbird Security Advisories (MFSA2023-29, MFSA2023-33) - Windows	3 Aug 202300:00	–	openvas
OpenVAS	Mozilla Thunderbird Security Advisories (MFSA2023-29, MFSA2023-33) - Mac OS X	3 Aug 202300:00	–	openvas
OpenVAS	Slackware: Security Advisory (SSA:2023-212-01)	1 Aug 202300:00	–	openvas
OpenVAS	Debian: Security Advisory (DSA-5463-1)	31 Jul 202300:00	–	openvas
OpenVAS	Debian: Security Advisory (DLA-3510-1)	1 Aug 202300:00	–	openvas
OpenVAS	SUSE: Security Advisory (SUSE-SU-2023:2959-1)	26 Jul 202300:00	–	openvas
OpenVAS	SUSE: Security Advisory (SUSE-SU-2023:2960-1)	26 Jul 202300:00	–	openvas
OpenVAS	openSUSE: Security Advisory for MozillaFirefox (SUSE-SU-2023:2958-1)	4 Mar 202400:00	–	openvas
OpenVAS	Mozilla Firefox Security Advisory (MFSA2023-26) - Linux	12 Jul 202300:00	–	openvas
OpenVAS	SUSE: Security Advisory (SUSE-SU-2023:2958-1)	26 Jul 202300:00	–	openvas

Source	Link
	www.3059-1
lists	www.lists.opensuse.org/archives/list/[email protected]/thread/FHR2VYQ6ZBUD4C5IGYTYNA3APJITLSCA

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.833832");
  script_version("2025-02-26T05:38:41+0000");
  script_cve_id("CVE-2023-3417", "CVE-2023-3600");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2025-02-26 05:38:41 +0000 (Wed, 26 Feb 2025)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-07-20 19:46:21 +0000 (Thu, 20 Jul 2023)");
  script_tag(name:"creation_date", value:"2024-03-04 08:06:07 +0000 (Mon, 04 Mar 2024)");
  script_name("openSUSE: Security Advisory for MozillaThunderbird (SUSE-SU-2023:3059-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/opensuse", "ssh/login/rpms", re:"ssh/login/release=(openSUSELeap15\.4|openSUSELeap15\.5)");

  script_xref(name:"Advisory-ID", value:"SUSE-SU-2023:3059-1");
  script_xref(name:"URL", value:"https://lists.opensuse.org/archives/list/[email protected]/thread/FHR2VYQ6ZBUD4C5IGYTYNA3APJITLSCA");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'MozillaThunderbird'
  package(s) announced via the SUSE-SU-2023:3059-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This update for MozillaThunderbird fixes the following issues:

  Mozilla Thunderbird was updated to version 115.0.1 (bsc#1212438):

  * CVE-2023-3600: Fixed use-after-free in workers (bmo#1839703).

  * CVE-2023-3417: Fixed File Extension Spoofing using the Text Direction
      Override Character (bmo#1835582).

  Bugfixes:

  * changed: Added Thunderbird Supernova branding to about:dialog (bmo#1842102)

  * fixed: Message list was not updated when message was deleted from server
      outside of Thunderbird (bmo#1837041)

  * fixed: Scrolling behaved unexpectedly when moving to next message unread
      message in another folder (bmo#1841711)

  * fixed: Scrolling animation was unnecessarily used when switching or toggling
      the sort column in message list (bmo#1838522)

  * fixed: Attempting to delete a message and then cancelling the action still
      marked the message as read (bmo#793353)

  * fixed: Unified Toolbar could not be customized under certain tabs
      (bmo#1841480)

  * fixed: Selecting a folder with one or more subfolders and pressing enter did
      not expand folder (bmo#1841200)

  * fixed: Tooltips did not appear when hovering over folders (bmo#1839780)

  * fixed: Deleting large amounts of messages from Trash folder consumed
      excessive time and memory (bmo#1833665)

  * fixed: Message Summary header buttons were not keyboard accessible
      (bmo#1827199)

  * fixed: 'New' button in Message Filters dialog was not keyboard accessible
      (bmo#1841477)

  * fixed: Backing up secret keys from OpenPGP Key Manager dialog silently
      failed (bmo#1839415)

  * fixed: Various visual and UX improvements
      (bmo#1843172, bmo#1831422, bmo#1838360, bmo#1842319)

  ##");

  script_tag(name:"affected", value:"'MozillaThunderbird' package(s) on openSUSE Leap 15.4, openSUSE Leap 15.5.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "openSUSELeap15.4") {

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-debugsource", rpm:"MozillaThunderbird-debugsource~115.0.1~150200.8.124.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-debuginfo", rpm:"MozillaThunderbird-debuginfo~115.0.1~150200.8.124.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-translations-other", rpm:"MozillaThunderbird-translations-other~115.0.1~150200.8.124.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird", rpm:"MozillaThunderbird~115.0.1~150200.8.124.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-translations-common", rpm:"MozillaThunderbird-translations-common~115.0.1~150200.8.124.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-debugsource", rpm:"MozillaThunderbird-debugsource~115.0.1~150200.8.124.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-debuginfo", rpm:"MozillaThunderbird-debuginfo~115.0.1~150200.8.124.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-translations-other", rpm:"MozillaThunderbird-translations-other~115.0.1~150200.8.124.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird", rpm:"MozillaThunderbird~115.0.1~150200.8.124.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-translations-common", rpm:"MozillaThunderbird-translations-common~115.0.1~150200.8.124.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "openSUSELeap15.5") {

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-debugsource", rpm:"MozillaThunderbird-debugsource~115.0.1~150200.8.124.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-debuginfo", rpm:"MozillaThunderbird-debuginfo~115.0.1~150200.8.124.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-translations-other", rpm:"MozillaThunderbird-translations-other~115.0.1~150200.8.124.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird", rpm:"MozillaThunderbird~115.0.1~150200.8.124.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-translations-common", rpm:"MozillaThunderbird-translations-common~115.0.1~150200.8.124.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-debugsource", rpm:"MozillaThunderbird-debugsource~115.0.1~150200.8.124.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-debuginfo", rpm:"MozillaThunderbird-debuginfo~115.0.1~150200.8.124.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-translations-other", rpm:"MozillaThunderbird-translations-other~115.0.1~150200.8.124.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird", rpm:"MozillaThunderbird~115.0.1~150200.8.124.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"MozillaThunderbird-translations-common", rpm:"MozillaThunderbird-translations-common~115.0.1~150200.8.124.1", rls:"openSUSELeap15.5"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

04 Mar 2024 00:00Current

9.1High risk

Vulners AI Score9.1

CVSS38.8

EPSS0.0021

SSVC