Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.THUNDERBIRD_MULTIPLE_FLAWS.NASL
HistorySep 15, 2004 - 12:00 a.m.

Mozilla < 1.7.3 / Thunderbird < 0.8 Multiple Vulnerabilities

2004-09-1500:00:00
This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.56 Medium

EPSS

Percentile

97.7%

JSON

The remote host is using Mozilla and/or Thunderbird, an alternative mail user agent.

The remote version of this software is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host.

To exploit these flaws, an attacker would need to send a rogue email to a victim on the remote host.

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if(description)
{
 script_id(14729);
 script_version("1.20");
 script_cve_id("CVE-2004-0902", "CVE-2004-0903", "CVE-2004-0904");
 script_bugtraq_id(11174, 11171, 11170);

 script_name(english:"Mozilla < 1.7.3 / Thunderbird < 0.8 Multiple Vulnerabilities");

 script_set_attribute(attribute:"synopsis", value:
"The remote host has an application that is affected by 
multiple flaws." );
 script_set_attribute(attribute:"description", value:
"The remote host is using Mozilla and/or Thunderbird, an 
alternative mail user agent.

The remote version of this software is vulnerable to 
several flaws that could allow an attacker to execute 
arbitrary code on the remote host.

To exploit these flaws, an attacker would need to send a 
rogue email to a victim on the remote host." );
 script_set_attribute(attribute:"solution", value:
"Upgrade to Mozilla 1.7.3 or Thunderbird 0.8 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/15");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/08/29");
 script_cvs_date("Date: 2018/08/22 16:49:14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe",value:"cpe:/a:mozilla:mozilla");
script_set_attribute(attribute:"cpe",value:"cpe:/a:mozilla:thunderbird");
script_end_attributes();

 script_summary(english:"Determines the version of Mozilla");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
 script_family(english:"Windows");
 script_dependencies("mozilla_org_installed.nasl");
 script_require_keys("Mozilla/Thunderbird/Version");
 exit(0);
}

#

include("misc_func.inc");


ver = read_version_in_kb("Mozilla/Version");
if (!isnull(ver))
{
  if (
    ver[0] < 1 ||
    (
      ver[0] == 1 &&
      (
        ver[1] < 7 ||
        (ver[1] == 7 && ver[2] < 3)
      )
    )
  )  security_hole(get_kb_item("SMB/transport"));
}

ver = read_version_in_kb("Mozilla/Thunderbird/Version");
if (!isnull(ver))
{
  if (ver[0] == 0 && ver[1] < 8)
    security_hole(get_kb_item("SMB/transport"));
}
VendorProductVersionCPE
mozillamozillacpe:/a:mozilla:mozilla
mozillathunderbirdcpe:/a:mozilla:thunderbird

Related

redhat 1
nessus 7
openvas 10
gentoo 1
checkpoint_advisories 2
freebsd 3
cve 3
nvd 3
cvelist 3
suse 1
redhat
redhat
(RHSA-2004:486) mozilla security update
2004-09-30 00:00:00
nessus
nessus
RHEL 2.1 / 3 : mozilla (RHSA-2004:486)
2004-10-02 00:00:00
Mandrake Linux Security Advisory : mozilla (MDKSA-2004:107)
2004-10-20 00:00:00
GLSA-200409-26 : Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities
2004-09-21 00:00:00
openvas
openvas
SLES9: Security update for Mozilla
2009-10-10 00:00:00
SLES9: Security update for Mozilla
2009-10-10 00:00:00
Gentoo Security Advisory GLSA 200409-26 (Mozilla)
2008-09-24 00:00:00
gentoo
gentoo
Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities
2004-09-20 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Browser Non-ASCII Hostname Heap Overflow - Ver2 (CVE-2004-0902)
2015-05-18 00:00:00
Microsoft Windows GDI+ BMP File Parsing Integer Overflow (MS08-052; CVE-2004-0904; CVE-2008-3015)
2008-09-09 00:00:00
freebsd
freebsd
mozilla -- multiple heap buffer overflows
2004-09-13 00:00:00
mozilla -- vCard stack buffer overflow
2004-09-13 00:00:00
mozilla -- BMP decoder vulnerabilities
2004-09-13 00:00:00
cve
cve
CVE-2004-0904
2004-12-31 05:00:00
CVE-2004-0903
2005-01-27 05:00:00
CVE-2004-0902
2005-01-27 05:00:00
nvd
nvd
CVE-2004-0904
2004-12-31 05:00:00
CVE-2004-0903
2005-01-27 05:00:00
CVE-2004-0902
2005-01-27 05:00:00
cvelist
cvelist
CVE-2004-0904
2004-09-24 04:00:00
CVE-2004-0903
2004-09-24 04:00:00
CVE-2004-0902
2004-09-24 04:00:00
suse
suse
various vulnerabilities in mozilla
2004-10-06 13:11:21

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.56 Medium

EPSS

Percentile

97.7%

JSON
Related for THUNDERBIRD_MULTIPLE_FLAWS.NASL
redhat1nessus7openvas10gentoo1checkpoint_advisories2freebsd3cve3nvd3cvelist3suse1