Lucene search
This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MACOSX_THUNDERBIRD_52_5.NASLHistoryDec 06, 2017 - 12:00 a.m.
Mozilla Thunderbird < 52.5 Multiple Vulnerabilities (macOS)
2017-12-0600:00:00
This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.01
Percentile
83.4%
The version of Mozilla Thunderbird installed on the remote Windows host is prior to 52.5. It is, therefore, affected by multiple vulnerabilities.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(105043);
script_version("1.4");
script_cvs_date("Date: 2019/11/12");
script_cve_id("CVE-2017-7826", "CVE-2017-7828", "CVE-2017-7830");
script_bugtraq_id(101832);
script_name(english:"Mozilla Thunderbird < 52.5 Multiple Vulnerabilities (macOS)");
script_summary(english:"Checks the version of Thunderbird.");
script_set_attribute(attribute:"synopsis", value:
"The remote macOS or Mac OS X host contains a mail client that is
affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Mozilla Thunderbird installed on the remote Windows
host is prior to 52.5. It is, therefore, affected by multiple
vulnerabilities.");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/");
script_set_attribute(attribute:"solution", value:
"Upgrade to Mozilla Thunderbird version 52.5 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7826");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/23");
script_set_attribute(attribute:"patch_publication_date", value:"2017/11/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/06");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("macosx_thunderbird_installed.nasl");
script_require_keys("MacOSX/Thunderbird/Version");
exit(0);
}
include("mozilla_version.inc");
kb_base = "MacOSX/Thunderbird";
get_kb_item_or_exit(kb_base+"/Installed");
version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
mozilla_check_version(version:version, path:path, product:'thunderbird', fix:'52.5', severity:SECURITY_HOLE);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | thunderbird | cpe:/a:mozilla:thunderbird |
Related
openvas
openvas
Mozilla Firefox ESR Security Advisories (MFSA2017-24, MFSA2017-25) - Windows
2017-11-16 00:00:00
Debian: Security Advisory (DLA-1172-1)
2023-03-08 00:00:00
nessus
nessus
CentOS 6 / 7 : thunderbird (CESA-2017:3372)
2017-12-07 00:00:00
RHEL 6 / 7 : firefox (RHSA-2017:3247)
2017-11-20 00:00:00
RHEL 6 / 7 : thunderbird (RHSA-2017:3372)
2017-12-04 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2017-12-05 21:09:46
Security update for MozillaFirefox (important)
2017-12-07 21:11:24
Security update for MozillaFirefox (important)
2017-11-17 00:07:09
debian
debian
[SECURITY] [DLA 1199-1] thunderbird security update
2017-12-09 16:46:52
[SECURITY] [DLA 1172-1] firefox-esr security update
2017-11-15 23:48:16
[SECURITY] [DSA 4061-1] thunderbird security update
2017-12-10 21:40:56
oraclelinux
oraclelinux
thunderbird security update
2017-12-04 00:00:00
firefox security update
2017-11-17 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in Thunderbird 52.5 — Mozilla
2017-11-23 00:00:00
Security vulnerabilities fixed in Firefox ESR 52.5 — Mozilla
2017-11-14 00:00:00
Security vulnerabilities fixed in Firefox 57 — Mozilla
2017-11-14 00:00:00
osv
osv
thunderbird - security update
2017-12-09 00:00:00
thunderbird - security update
2017-12-10 00:00:00
firefox-esr - security update
2017-11-15 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package thunderbird version 52.5.0-alt1
2017-11-24 00:00:00
Security fix for the ALT Linux 10 package firefox-esr version 52.5.0-alt1
2017-11-15 00:00:00
centos
centos
thunderbird security update
2017-12-06 13:18:36
firefox security update
2017-11-17 16:50:04
redhat
redhat
(RHSA-2017:3372) Important: thunderbird security update
2017-12-03 23:25:45
(RHSA-2017:3247) Critical: firefox security update
2017-11-17 07:31:46
archlinux
archlinux
[ASA-201711-43] thunderbird: multiple issues
2017-11-30 00:00:00
[ASA-201711-23] firefox: multiple issues
2017-11-15 00:00:00
mageia
mageia
Updated thunderbird packages fix security vulnerabilities & bugs
2017-11-29 21:52:42
Updated firefox packages fix security vulnerabilities
2017-11-19 14:20:04
Updated iceape packages fix security vulnerabilities
2018-01-02 14:48:29
kaspersky
kaspersky
KLA11145 Multiple vulnerabilities in Mozilla Thunderbird
2017-11-23 00:00:00
KLA11135 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2017-11-14 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2017-12-01 00:00:00
Firefox vulnerabilities
2017-11-16 00:00:00
Firefox regression
2017-11-27 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:37:47
Information Disclosure
2019-05-02 06:37:47
Arbitrary Code Execution
2019-01-15 09:19:40
redhatcve
redhatcve
cve
cve
prion
prion
Design/Logic Flaw
2018-06-11 21:29:00
Design/Logic Flaw
2018-06-11 21:29:00
Memory corruption
2018-06-11 21:29:00
nvd
nvd
debiancve
debiancve
ubuntucve
ubuntucve
cvelist
cvelist
freebsd
freebsd
mozilla -- multiple vulnerabilities
2017-11-14 00:00:00
apple
apple
About the security content of iTunes 12.7.3 for Windows - Apple Support
2018-10-18 05:11:13
About the security content of iTunes 12.7.3 for Windows
2018-01-23 00:00:00
About the security content of iCloud for Windows 7.3 - Apple Support
2018-10-18 04:39:34
gentoo
gentoo
Mozilla Thunderbird: Multiple vulnerabilities
2018-03-28 00:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.01
Percentile
83.4%
Related for MACOSX_THUNDERBIRD_52_5.NASL