CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.5%
The installed version of Mozilla Thunderbird allows unescaped URIs to be passed to external programs, which could lead to execution of arbitrary code, as well as privilege escalation attacks against addons that create βabout:blankβ windows and populate them in certain ways.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(25837);
script_version("1.23");
script_cve_id("CVE-2007-3844", "CVE-2007-3845");
script_bugtraq_id(25053, 25142);
script_name(english:"Mozilla Thunderbird < 1.5.0.13 / 2.0.0.6 Multiple Vulnerabilities");
script_summary(english:"Checks version of Mozilla Thunderbird");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a mail client that is affected by
multiple vulnerabilities." );
script_set_attribute(attribute:"description", value:
"The installed version of Mozilla Thunderbird allows unescaped URIs to
be passed to external programs, which could lead to execution of
arbitrary code, as well as privilege escalation attacks against
addons that create 'about:blank' windows and populate them in
certain ways." );
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-26/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.mozilla.org/en-US/security/advisories/mfsa2007-27/"
);
script_set_attribute(
attribute:"solution",
value:"Upgrade to Mozilla Thunderbird 1.5.0.13 / 2.0.0.6 or later."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_cwe_id(78);
script_set_attribute(attribute:"plugin_publication_date", value: "2007/08/02");
script_set_attribute(attribute:"vuln_publication_date", value: "2007/07/30");
script_set_attribute(attribute:"patch_publication_date", value: "2007/07/30");
script_cvs_date("Date: 2018/07/16 14:09:15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
script_dependencies("mozilla_org_installed.nasl");
script_require_keys("Mozilla/Thunderbird/Version");
exit(0);
}
include("misc_func.inc");
ver = read_version_in_kb("Mozilla/Thunderbird/Version");
if (isnull(ver)) exit(0);
if (
ver[0] < 1 ||
(
ver[0] == 1 &&
(
ver[1] < 5 ||
(ver[1] == 5 && ver[2] == 0 && ver[3] < 13)
)
) ||
(ver[0] == 2 && ver[1] == 0 && ver[2] == 0 && ver[3] < 6)
) security_hole(get_kb_item("SMB/transport"));
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | thunderbird | cpe:/a:mozilla:thunderbird |