Test ID:	1.3.6.1.4.1.25623.1.0.883163
Category:	CentOS Local Security Checks
Title:	CentOS Update for thunderbird CESA-2020:0120 centos7
Summary:	The remote host is missing an update for the 'thunderbird'; package(s) announced via the CESA-2020:0120 advisory.
Description:	Summary: The remote host is missing an update for the 'thunderbird' package(s) announced via the CESA-2020:0120 advisory. Vulnerability Insight: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.4.1. Security Fix(es): * Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026) * Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016) * Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017) * Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024) * Mozilla: CSS sanitization does not escape HTML tags (CVE-2019-17022) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'thunderbird' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-17016 Bugtraq: 20200109 [SECURITY] [DSA 4600-1] firefox-esr security update (Google Search) https://seclists.org/bugtraq/2020/Jan/12 Bugtraq: 20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01) (Google Search) https://seclists.org/bugtraq/2020/Jan/18 Bugtraq: 20200120 [SECURITY] [DSA 4603-1] thunderbird security update (Google Search) https://seclists.org/bugtraq/2020/Jan/26 Debian Security Information: DSA-4600 (Google Search) https://www.debian.org/security/2020/dsa-4600 Debian Security Information: DSA-4603 (Google Search) https://www.debian.org/security/2020/dsa-4603 https://security.gentoo.org/glsa/202003-02 http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html https://bugzilla.mozilla.org/show_bug.cgi?id=1599181 https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html RedHat Security Advisories: RHSA-2020:0085 https://access.redhat.com/errata/RHSA-2020:0085 RedHat Security Advisories: RHSA-2020:0086 https://access.redhat.com/errata/RHSA-2020:0086 RedHat Security Advisories: RHSA-2020:0111 https://access.redhat.com/errata/RHSA-2020:0111 RedHat Security Advisories: RHSA-2020:0120 https://access.redhat.com/errata/RHSA-2020:0120 RedHat Security Advisories: RHSA-2020:0123 https://access.redhat.com/errata/RHSA-2020:0123 RedHat Security Advisories: RHSA-2020:0127 https://access.redhat.com/errata/RHSA-2020:0127 RedHat Security Advisories: RHSA-2020:0292 https://access.redhat.com/errata/RHSA-2020:0292 RedHat Security Advisories: RHSA-2020:0295 https://access.redhat.com/errata/RHSA-2020:0295 SuSE Security Announcement: openSUSE-SU-2020:0060 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html SuSE Security Announcement: openSUSE-SU-2020:0094 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html https://usn.ubuntu.com/4234-1/ https://usn.ubuntu.com/4241-1/ https://usn.ubuntu.com/4335-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-17017 https://bugzilla.mozilla.org/show_bug.cgi?id=1603055 Common Vulnerability Exposure (CVE) ID: CVE-2019-17022 https://bugzilla.mozilla.org/show_bug.cgi?id=1602843 Common Vulnerability Exposure (CVE) ID: CVE-2019-17024 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1507180%2C1595470%2C1598605%2C1601826 Common Vulnerability Exposure (CVE) ID: CVE-2019-17026 http://packetstormsecurity.com/files/162568/Firefox-72-IonMonkey-JIT-Type-Confusion.html https://bugzilla.mozilla.org/show_bug.cgi?id=1607443 https://www.mozilla.org/security/advisories/mfsa2020-03/ https://www.mozilla.org/security/advisories/mfsa2020-04/
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.