Test ID:	1.3.6.1.4.1.25623.1.0.843435
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3529-1)
Summary:	The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-3529-1 advisory.
Description:	Summary: The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-3529-1 advisory. Vulnerability Insight: It was discovered that a From address encoded with a null character is cut off in the message header display. An attacker could potentially exploit this to spoof the sender address. (CVE-2017-7829) It was discovered that it is possible to execute JavaScript in RSS feeds in some circumstances. If a user were tricked in to opening a specially crafted RSS feed, an attacker could potentially exploit this in combination with another vulnerability, in order to cause unspecified problems. (CVE-2017-7846) It was discovered that the RSS feed can leak local path names. If a user were tricked in to opening a specially crafted RSS feed, an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-7847) It was discovered that RSS feeds are vulnerable to new line injection. If a user were tricked in to opening a specially crafted RSS feed, an attacker could potentially exploit this to cause unspecified problems. (CVE-2017-7848) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, execute arbitrary code, or cause other unspecified effects. (CVE-2018-5089, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117) Affected Software/OS: 'thunderbird' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 17.10. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-7829 BugTraq ID: 102258 http://www.securityfocus.com/bid/102258 Debian Security Information: DSA-4075 (Google Search) https://www.debian.org/security/2017/dsa-4075 https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html RedHat Security Advisories: RHSA-2018:0061 https://access.redhat.com/errata/RHSA-2018:0061 http://www.securitytracker.com/id/1040123 https://usn.ubuntu.com/3529-1/ Common Vulnerability Exposure (CVE) ID: CVE-2017-7846 Common Vulnerability Exposure (CVE) ID: CVE-2017-7847 Common Vulnerability Exposure (CVE) ID: CVE-2017-7848 Common Vulnerability Exposure (CVE) ID: CVE-2018-5089 BugTraq ID: 102783 http://www.securityfocus.com/bid/102783 Debian Security Information: DSA-4096 (Google Search) https://www.debian.org/security/2018/dsa-4096 Debian Security Information: DSA-4102 (Google Search) https://www.debian.org/security/2018/dsa-4102 https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html RedHat Security Advisories: RHSA-2018:0122 https://access.redhat.com/errata/RHSA-2018:0122 RedHat Security Advisories: RHSA-2018:0262 https://access.redhat.com/errata/RHSA-2018:0262 http://www.securitytracker.com/id/1040270 https://usn.ubuntu.com/3544-1/ https://usn.ubuntu.com/3688-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-5095 Common Vulnerability Exposure (CVE) ID: CVE-2018-5096 BugTraq ID: 102771 http://www.securityfocus.com/bid/102771 Common Vulnerability Exposure (CVE) ID: CVE-2018-5097 Common Vulnerability Exposure (CVE) ID: CVE-2018-5098 Common Vulnerability Exposure (CVE) ID: CVE-2018-5099 Common Vulnerability Exposure (CVE) ID: CVE-2018-5102 Common Vulnerability Exposure (CVE) ID: CVE-2018-5103 Common Vulnerability Exposure (CVE) ID: CVE-2018-5104 Common Vulnerability Exposure (CVE) ID: CVE-2018-5117
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.