 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.845381 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-5435-1) |
| Summary: | The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-5435-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-5435-1 advisory. Vulnerability Insight: Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass permission prompts, obtain sensitive information, bypass security restrictions, cause user confusion, or execute arbitrary code. (CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29913, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917) It was discovered that Thunderbird would show the wrong security status after viewing an attached message that is signed or encrypted. An attacker could potentially exploit this by tricking the user into trusting the authenticity of a message. (CVE-2022-1520) It was discovered that the methods of an Array object could be corrupted as a result of prototype pollution by sending a message to the parent process. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could exploit this to execute JavaScript in a privileged context. (CVE-2022-1529, CVE-2022-1802) Affected Software/OS: 'thunderbird' package(s) on Ubuntu 18.04, Ubuntu 20.04, Ubuntu 21.10, Ubuntu 22.04. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2022-1520 https://bugzilla.mozilla.org/show_bug.cgi?id=1745019 https://www.mozilla.org/security/advisories/mfsa2022-18/ Common Vulnerability Exposure (CVE) ID: CVE-2022-1529 https://bugzilla.mozilla.org/show_bug.cgi?id=1770048 https://www.mozilla.org/security/advisories/mfsa2022-19/ Common Vulnerability Exposure (CVE) ID: CVE-2022-1802 https://bugzilla.mozilla.org/show_bug.cgi?id=1770137 Common Vulnerability Exposure (CVE) ID: CVE-2022-29909 https://bugzilla.mozilla.org/show_bug.cgi?id=1755081 https://www.mozilla.org/security/advisories/mfsa2022-16/ https://www.mozilla.org/security/advisories/mfsa2022-17/ Common Vulnerability Exposure (CVE) ID: CVE-2022-29911 https://bugzilla.mozilla.org/show_bug.cgi?id=1761981 Common Vulnerability Exposure (CVE) ID: CVE-2022-29912 https://bugzilla.mozilla.org/show_bug.cgi?id=1692655 Common Vulnerability Exposure (CVE) ID: CVE-2022-29913 https://bugzilla.mozilla.org/show_bug.cgi?id=1764778 Common Vulnerability Exposure (CVE) ID: CVE-2022-29914 https://bugzilla.mozilla.org/show_bug.cgi?id=1746448 Common Vulnerability Exposure (CVE) ID: CVE-2022-29916 https://bugzilla.mozilla.org/show_bug.cgi?id=1760674 Common Vulnerability Exposure (CVE) ID: CVE-2022-29917 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1684739%2C1706441%2C1753298%2C1762614%2C1762620%2C1764778 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |