Mozilla Thunderbird Security Update (mfsa_2024-31) - Windows

2024-07-1900:00:00

plugins.openvas.org

mozilla thunderbird

security update

vulnerabilities

windows

cve-2024-6601

cve-2024-6602

cve-2024-6603

cve-2024-6604

denial of service

arbitrary code

memory corruption

race condition

vendor fix

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

Low

JSON

Mozilla Thunderbird is prone to multiple
vulnerabilities.

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:mozilla:thunderbird";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.834268");
  script_version("2024-07-26T05:05:35+0000");
  script_cve_id("CVE-2024-6601", "CVE-2024-6602", "CVE-2024-6603", "CVE-2024-6604");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-07-26 05:05:35 +0000 (Fri, 26 Jul 2024)");
  script_tag(name:"creation_date", value:"2024-07-19 10:03:31 +0530 (Fri, 19 Jul 2024)");
  script_name("Mozilla Thunderbird Security Update (mfsa_2024-31) - Windows");

  script_tag(name:"summary", value:"Mozilla Thunderbird is prone to multiple
  vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is
  present on the target host.");

  script_tag(name: "insight" , value:"These vulnerabilities exist:

  - CVE-2024-6601: Race condition in permission assignment

  - CVE-2024-6602: Memory corruption in NSS.");

  script_tag(name: "impact" , value:"Successful exploitation allows an attacker
  to run arbitrary code, bypass security restrictions and cause denial of
  service attacks.");

  script_tag(name: "affected" , value:"Mozilla Thunderbird prior to version
  115.13 on Windows.");

  script_tag(name: "solution" , value:"Update to version 115.13 or later.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"registry");
  script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2024-31/");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("General");
  script_dependencies("gb_thunderbird_detect_win.nasl");
  script_mandatory_keys("Thunderbird/Win/Ver");
  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);

vers = infos["version"];
path = infos["location"];

if(version_is_less(version:vers, test_version:"115.13")) {
  report = report_fixed_ver(installed_version:vers, fixed_version:"115.13", install_path:path);
  security_message(port:0, data:report);
  exit(0);
}

exit(99);