 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.10.2020.0209 |
| Category: | Mageia Linux Local Security Checks |
| Title: | Mageia: Security Advisory (MGASA-2020-0209) |
| Summary: | The remote host is missing an update for the 'thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2020-0209 advisory. |
| Description: | Summary: The remote host is missing an update for the 'thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2020-0209 advisory. Vulnerability Insight: Updated thunderbird packages fix security vulnerabilities: A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash (CVE-2020-6831). A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash (CVE-2020-12387). The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files (CVE-2020-12392). Mozilla developers and community members Alexandru Michis, Jason Kratzer, philipp, Ted Campbell, Bas Schouten, Andre Bargull, and Karl Tomlinson reported memory safety bugs present in Thunderbird ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2020-12395). By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays (CVE-2020-12397). Affected Software/OS: 'thunderbird, thunderbird-l10n' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-12387 https://bugzilla.mozilla.org/show_bug.cgi?id=1545345 https://security.gentoo.org/glsa/202005-03 https://security.gentoo.org/glsa/202005-04 https://www.mozilla.org/security/advisories/mfsa2020-16/ https://www.mozilla.org/security/advisories/mfsa2020-17/ https://www.mozilla.org/security/advisories/mfsa2020-18/ https://usn.ubuntu.com/4373-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-12392 https://bugzilla.mozilla.org/show_bug.cgi?id=1614468 Common Vulnerability Exposure (CVE) ID: CVE-2020-12395 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595886%2C1611482%2C1614704%2C1624098%2C1625749%2C1626382%2C1628076%2C1631508 Common Vulnerability Exposure (CVE) ID: CVE-2020-12397 https://bugzilla.mozilla.org/show_bug.cgi?id=1617370 Common Vulnerability Exposure (CVE) ID: CVE-2020-6831 Debian Security Information: DSA-4714 (Google Search) https://www.debian.org/security/2020/dsa-4714 http://packetstormsecurity.com/files/158480/usrsctp-Stack-Buffer-Overflow.html https://bugzilla.mozilla.org/show_bug.cgi?id=1632241 SuSE Security Announcement: openSUSE-SU-2020:0917 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00000.html |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |