Test ID:	1.3.6.1.4.1.25623.1.0.843949
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3927-1)
Summary:	The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-3927-1 advisory.
Description:	Summary: The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-3927-1 advisory. Vulnerability Insight: It was discovered that Thunderbird allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks on local services and tools. (CVE-2018-18506) Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9795, CVE-2019-9796, CVE-2019-9810, CVE-2019-9813) A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website in a browsing context with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-9793) Affected Software/OS: 'thunderbird' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04, Ubuntu 18.10. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-18506 BugTraq ID: 106773 http://www.securityfocus.com/bid/106773 Bugtraq: 20190320 [SECURITY] [DSA 4411-1] firefox-esr security update (Google Search) https://seclists.org/bugtraq/2019/Mar/28 Bugtraq: 20190401 [SECURITY] [DSA 4420-1] thunderbird security update (Google Search) https://seclists.org/bugtraq/2019/Apr/0 Debian Security Information: DSA-4411 (Google Search) https://www.debian.org/security/2019/dsa-4411 Debian Security Information: DSA-4420 (Google Search) https://www.debian.org/security/2019/dsa-4420 https://security.gentoo.org/glsa/201904-07 https://lists.debian.org/debian-lts-announce/2019/03/msg00024.html https://lists.debian.org/debian-lts-announce/2019/04/msg00000.html RedHat Security Advisories: RHSA-2019:0622 https://access.redhat.com/errata/RHSA-2019:0622 RedHat Security Advisories: RHSA-2019:0623 https://access.redhat.com/errata/RHSA-2019:0623 RedHat Security Advisories: RHSA-2019:0680 https://access.redhat.com/errata/RHSA-2019:0680 RedHat Security Advisories: RHSA-2019:0681 https://access.redhat.com/errata/RHSA-2019:0681 RedHat Security Advisories: RHSA-2019:0966 https://access.redhat.com/errata/RHSA-2019:0966 RedHat Security Advisories: RHSA-2019:1144 https://access.redhat.com/errata/RHSA-2019:1144 SuSE Security Announcement: openSUSE-SU-2019:1056 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00035.html SuSE Security Announcement: openSUSE-SU-2019:1077 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00043.html SuSE Security Announcement: openSUSE-SU-2019:1126 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00023.html SuSE Security Announcement: openSUSE-SU-2019:1162 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html https://usn.ubuntu.com/3874-1/ https://usn.ubuntu.com/3927-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-9788 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1518001%2C1521304%2C1521214%2C1506665%2C1516834%2C1518774%2C1524755%2C1523362%2C1524214%2C1529203 https://www.mozilla.org/security/advisories/mfsa2019-07/ https://www.mozilla.org/security/advisories/mfsa2019-08/ https://www.mozilla.org/security/advisories/mfsa2019-11/ Common Vulnerability Exposure (CVE) ID: CVE-2019-9790 https://bugzilla.mozilla.org/show_bug.cgi?id=1525145 Common Vulnerability Exposure (CVE) ID: CVE-2019-9791 https://bugzilla.mozilla.org/show_bug.cgi?id=1530958 Common Vulnerability Exposure (CVE) ID: CVE-2019-9792 http://packetstormsecurity.com/files/153106/Spidermonkey-IonMonkey-JS_OPTIMIZED_OUT-Value-Leak.html https://bugzilla.mozilla.org/show_bug.cgi?id=1532599 Common Vulnerability Exposure (CVE) ID: CVE-2019-9793 https://bugzilla.mozilla.org/show_bug.cgi?id=1528829 Common Vulnerability Exposure (CVE) ID: CVE-2019-9795 https://bugzilla.mozilla.org/show_bug.cgi?id=1514682 Common Vulnerability Exposure (CVE) ID: CVE-2019-9796 https://bugzilla.mozilla.org/show_bug.cgi?id=1531277 Common Vulnerability Exposure (CVE) ID: CVE-2019-9810 http://packetstormsecurity.com/files/155592/Mozilla-Firefox-Windows-64-Bit-Chain-Exploit.html https://bugzilla.mozilla.org/show_bug.cgi?id=1537924 https://www.mozilla.org/security/advisories/mfsa2019-09/ https://www.mozilla.org/security/advisories/mfsa2019-10/ https://www.mozilla.org/security/advisories/mfsa2019-12/ Common Vulnerability Exposure (CVE) ID: CVE-2019-9813 https://bugzilla.mozilla.org/show_bug.cgi?id=1538006
Copyright	Copyright (C) 2019 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.