Test ID:	1.3.6.1.4.1.25623.1.0.843659
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3793-1)
Summary:	The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-3793-1 advisory.
Description:	Summary: The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-3793-1 advisory. Vulnerability Insight: Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-12376, CVE-2018-12377, CVE-2018-12378) It was discovered that if a user saved passwords before Thunderbird 58 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2018-12383) A crash was discovered in TransportSecurityInfo used for SSL, which could be triggered by data stored in the local cache directory. An attacker could potentially exploit this in combination with another vulnerability that allowed them to write data to the cache, to execute arbitrary code. (CVE-2018-12385) Affected Software/OS: 'thunderbird' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-12376 BugTraq ID: 105280 http://www.securityfocus.com/bid/105280 Debian Security Information: DSA-4287 (Google Search) https://www.debian.org/security/2018/dsa-4287 Debian Security Information: DSA-4327 (Google Search) https://www.debian.org/security/2018/dsa-4327 https://security.gentoo.org/glsa/201810-01 https://security.gentoo.org/glsa/201811-13 https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html RedHat Security Advisories: RHSA-2018:2692 https://access.redhat.com/errata/RHSA-2018:2692 RedHat Security Advisories: RHSA-2018:2693 https://access.redhat.com/errata/RHSA-2018:2693 RedHat Security Advisories: RHSA-2018:3403 https://access.redhat.com/errata/RHSA-2018:3403 RedHat Security Advisories: RHSA-2018:3458 https://access.redhat.com/errata/RHSA-2018:3458 http://www.securitytracker.com/id/1041610 https://usn.ubuntu.com/3761-1/ https://usn.ubuntu.com/3793-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-12377 Common Vulnerability Exposure (CVE) ID: CVE-2018-12378 Common Vulnerability Exposure (CVE) ID: CVE-2018-12383 BugTraq ID: 105276 http://www.securityfocus.com/bid/105276 Debian Security Information: DSA-4304 (Google Search) https://www.debian.org/security/2018/dsa-4304 RedHat Security Advisories: RHSA-2018:2834 https://access.redhat.com/errata/RHSA-2018:2834 RedHat Security Advisories: RHSA-2018:2835 https://access.redhat.com/errata/RHSA-2018:2835 http://www.securitytracker.com/id/1041701 Common Vulnerability Exposure (CVE) ID: CVE-2018-12385 BugTraq ID: 105380 http://www.securityfocus.com/bid/105380 http://www.securitytracker.com/id/1041700 https://usn.ubuntu.com/3778-1/
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.