Test ID:	1.3.6.1.4.1.25623.1.0.843027
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3165-1)
Summary:	The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-3165-1 advisory.
Description:	Summary: The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-3165-1 advisory. Vulnerability Insight: Multiple memory safety issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9893, CVE-2017-5373) Andrew Krasichkov discovered that event handlers on elements were executed despite a Content Security Policy (CSP) that disallowed inline JavaScript. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2016-9895) A memory corruption issue was discovered in WebGL in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9897) A use-after-free was discovered when manipulating DOM subtrees in the Editor. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9898) A use-after-free was discovered when manipulating DOM events and audio elements. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9899) It was discovered that external resources that should be blocked when loading SVG images can bypass security restrictions using data: URLs. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-9900) Jann Horn discovered that JavaScript Map/Set were vulnerable to timing attacks. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensitive information across domains. (CVE-2016-9904) A crash was discovered in EnumerateSubDocuments while adding or removing sub-documents. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-9905) JIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375) Nicolas Gregoire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'thunderbird' package(s) on Ubuntu 12.04, Ubuntu 14.04, Ubuntu 16.04, Ubuntu 16.10. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-9893 BugTraq ID: 94885 http://www.securityfocus.com/bid/94885 Debian Security Information: DSA-3757 (Google Search) https://www.debian.org/security/2017/dsa-3757 https://security.gentoo.org/glsa/201701-15 RedHat Security Advisories: RHSA-2016:2946 http://rhn.redhat.com/errata/RHSA-2016-2946.html RedHat Security Advisories: RHSA-2016:2973 http://rhn.redhat.com/errata/RHSA-2016-2973.html http://www.securitytracker.com/id/1037461 Common Vulnerability Exposure (CVE) ID: CVE-2016-9895 Common Vulnerability Exposure (CVE) ID: CVE-2016-9897 Common Vulnerability Exposure (CVE) ID: CVE-2016-9898 Common Vulnerability Exposure (CVE) ID: CVE-2016-9899 https://www.exploit-db.com/exploits/41042/ Common Vulnerability Exposure (CVE) ID: CVE-2016-9900 Common Vulnerability Exposure (CVE) ID: CVE-2016-9904 Common Vulnerability Exposure (CVE) ID: CVE-2016-9905 BugTraq ID: 94884 http://www.securityfocus.com/bid/94884 http://www.securitytracker.com/id/1037462 Common Vulnerability Exposure (CVE) ID: CVE-2017-5373 BugTraq ID: 95762 http://www.securityfocus.com/bid/95762 Debian Security Information: DSA-3771 (Google Search) https://www.debian.org/security/2017/dsa-3771 Debian Security Information: DSA-3832 (Google Search) https://www.debian.org/security/2017/dsa-3832 https://security.gentoo.org/glsa/201702-13 https://security.gentoo.org/glsa/201702-22 RedHat Security Advisories: RHSA-2017:0190 http://rhn.redhat.com/errata/RHSA-2017-0190.html RedHat Security Advisories: RHSA-2017:0238 http://rhn.redhat.com/errata/RHSA-2017-0238.html http://www.securitytracker.com/id/1037693 Common Vulnerability Exposure (CVE) ID: CVE-2017-5375 BugTraq ID: 95757 http://www.securityfocus.com/bid/95757 https://www.exploit-db.com/exploits/42327/ https://www.exploit-db.com/exploits/44293/ https://www.exploit-db.com/exploits/44294/ Common Vulnerability Exposure (CVE) ID: CVE-2017-5376 BugTraq ID: 95758 http://www.securityfocus.com/bid/95758 Common Vulnerability Exposure (CVE) ID: CVE-2017-5378 BugTraq ID: 95769 http://www.securityfocus.com/bid/95769 Common Vulnerability Exposure (CVE) ID: CVE-2017-5380 Common Vulnerability Exposure (CVE) ID: CVE-2017-5383 Common Vulnerability Exposure (CVE) ID: CVE-2017-5390 Common Vulnerability Exposure (CVE) ID: CVE-2017-5396
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.