Test ID:	1.3.6.1.4.1.25623.1.0.844296
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-4241-1)
Summary:	The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-4241-1 advisory.
Description:	Summary: The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-4241-1 advisory. Vulnerability Insight: Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026) It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-11745) Affected Software/OS: 'thunderbird' package(s) on Ubuntu 18.04, Ubuntu 19.10. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-11745 https://security.gentoo.org/glsa/202003-02 https://security.gentoo.org/glsa/202003-10 https://security.gentoo.org/glsa/202003-37 https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04 https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html RedHat Security Advisories: RHSA-2020:0243 https://access.redhat.com/errata/RHSA-2020:0243 RedHat Security Advisories: RHSA-2020:0466 https://access.redhat.com/errata/RHSA-2020:0466 SuSE Security Announcement: openSUSE-SU-2020:0002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html SuSE Security Announcement: openSUSE-SU-2020:0003 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html SuSE Security Announcement: openSUSE-SU-2020:0008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html https://usn.ubuntu.com/4241-1/ https://usn.ubuntu.com/4335-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-17005 https://bugzilla.mozilla.org/show_bug.cgi?id=1584170 RedHat Security Advisories: RHSA-2020:0292 https://access.redhat.com/errata/RHSA-2020:0292 RedHat Security Advisories: RHSA-2020:0295 https://access.redhat.com/errata/RHSA-2020:0295 Common Vulnerability Exposure (CVE) ID: CVE-2019-17008 https://bugzilla.mozilla.org/show_bug.cgi?id=1546331 Common Vulnerability Exposure (CVE) ID: CVE-2019-17010 https://bugzilla.mozilla.org/show_bug.cgi?id=1581084 Common Vulnerability Exposure (CVE) ID: CVE-2019-17011 https://bugzilla.mozilla.org/show_bug.cgi?id=1591334 Common Vulnerability Exposure (CVE) ID: CVE-2019-17012 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1449736%2C1533957%2C1560667%2C1567209%2C1580288%2C1585760%2C1592502 Common Vulnerability Exposure (CVE) ID: CVE-2019-17016 Bugtraq: 20200109 [SECURITY] [DSA 4600-1] firefox-esr security update (Google Search) https://seclists.org/bugtraq/2020/Jan/12 Bugtraq: 20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01) (Google Search) https://seclists.org/bugtraq/2020/Jan/18 Bugtraq: 20200120 [SECURITY] [DSA 4603-1] thunderbird security update (Google Search) https://seclists.org/bugtraq/2020/Jan/26 Debian Security Information: DSA-4600 (Google Search) https://www.debian.org/security/2020/dsa-4600 Debian Security Information: DSA-4603 (Google Search) https://www.debian.org/security/2020/dsa-4603 http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html https://bugzilla.mozilla.org/show_bug.cgi?id=1599181 https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html RedHat Security Advisories: RHSA-2020:0085 https://access.redhat.com/errata/RHSA-2020:0085 RedHat Security Advisories: RHSA-2020:0086 https://access.redhat.com/errata/RHSA-2020:0086 RedHat Security Advisories: RHSA-2020:0111 https://access.redhat.com/errata/RHSA-2020:0111 RedHat Security Advisories: RHSA-2020:0120 https://access.redhat.com/errata/RHSA-2020:0120 RedHat Security Advisories: RHSA-2020:0123 https://access.redhat.com/errata/RHSA-2020:0123 RedHat Security Advisories: RHSA-2020:0127 https://access.redhat.com/errata/RHSA-2020:0127 SuSE Security Announcement: openSUSE-SU-2020:0060 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html SuSE Security Announcement: openSUSE-SU-2020:0094 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html https://usn.ubuntu.com/4234-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-17017 https://bugzilla.mozilla.org/show_bug.cgi?id=1603055 Common Vulnerability Exposure (CVE) ID: CVE-2019-17022 https://bugzilla.mozilla.org/show_bug.cgi?id=1602843 Common Vulnerability Exposure (CVE) ID: CVE-2019-17024 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1507180%2C1595470%2C1598605%2C1601826 Common Vulnerability Exposure (CVE) ID: CVE-2019-17026 http://packetstormsecurity.com/files/162568/Firefox-72-IonMonkey-JIT-Type-Confusion.html https://bugzilla.mozilla.org/show_bug.cgi?id=1607443 https://www.mozilla.org/security/advisories/mfsa2020-03/ https://www.mozilla.org/security/advisories/mfsa2020-04/
Copyright	Copyright (C) 2020 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.