Test ID:	1.3.6.1.4.1.25623.1.0.884274
Category:	CentOS Local Security Checks
Title:	CentOS: Security Advisory for thunderbird (CESA-2023:0817)
Summary:	The remote host is missing an update for the 'thunderbird'; package(s) announced via the CESA-2023:0817 advisory.
Description:	Summary: The remote host is missing an update for the 'thunderbird' package(s) announced via the CESA-2023:0817 advisory. Vulnerability Insight: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Security Fix(es): * Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767) * Mozilla: Content security policy leak in violation reports using iframes (CVE-2023-25728) * Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730) * Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-25735) * Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry (CVE-2023-25737) * Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ ScriptLoadContext (CVE-2023-25739) * Mozilla: Fullscreen notification not shown in Firefox Focus (CVE-2023-25743) * Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 (CVE-2023-25744) * Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746) * Mozilla: Extensions could have opened external schemes without user knowledge (CVE-2023-25729) * Mozilla: Out of bounds memory write from EncodeInputStream (CVE-2023-25732) * Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP (CVE-2023-0616) * Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'thunderbird' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-0616 https://bugzilla.mozilla.org/show_bug.cgi?id=1806507 https://www.mozilla.org/security/advisories/mfsa2023-07/ Common Vulnerability Exposure (CVE) ID: CVE-2023-0767 https://alas.aws.amazon.com/AL2/ALAS-2023-1992.html https://bugzilla.mozilla.org/show_bug.cgi?id=1804640 https://www.mozilla.org/security/advisories/mfsa2023-05/ https://www.mozilla.org/security/advisories/mfsa2023-06/ Common Vulnerability Exposure (CVE) ID: CVE-2023-25728 https://bugzilla.mozilla.org/show_bug.cgi?id=1790345 Common Vulnerability Exposure (CVE) ID: CVE-2023-25729 https://bugzilla.mozilla.org/show_bug.cgi?id=1792138 Common Vulnerability Exposure (CVE) ID: CVE-2023-25730 https://bugzilla.mozilla.org/show_bug.cgi?id=1794622 Common Vulnerability Exposure (CVE) ID: CVE-2023-25732 https://bugzilla.mozilla.org/show_bug.cgi?id=1804564 Common Vulnerability Exposure (CVE) ID: CVE-2023-25735 https://bugzilla.mozilla.org/show_bug.cgi?id=1810711 Common Vulnerability Exposure (CVE) ID: CVE-2023-25737 https://bugzilla.mozilla.org/show_bug.cgi?id=1811464 Common Vulnerability Exposure (CVE) ID: CVE-2023-25739 https://bugzilla.mozilla.org/show_bug.cgi?id=1811939 Common Vulnerability Exposure (CVE) ID: CVE-2023-25742 https://bugzilla.mozilla.org/show_bug.cgi?id=1813424 Common Vulnerability Exposure (CVE) ID: CVE-2023-25743 https://bugzilla.mozilla.org/show_bug.cgi?id=1800203 Common Vulnerability Exposure (CVE) ID: CVE-2023-25744 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536 Common Vulnerability Exposure (CVE) ID: CVE-2023-25746 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544127%2C1762368
Copyright	Copyright (C) 2023 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.