English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 143769 CVE descriptions
and 71225 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.891575
Category:Debian Local Security Checks
Title:Debian LTS Advisory ([SECURITY] [DLA 1575-1] thunderbird security update)
Summary:Multiple security issues have been found in Thunderbird: Multiple memory;safety errors and use-after-frees may lead to the execution of arbitrary;code or denial of service.;;Debian follows the Thunderbird upstream releases. Support for the 52.x;series has ended, so starting with this update we're now following the;60.x releases.;;Between 52.x and 60.x, Thunderbird has undergone significant internal;updates, which makes it incompatible with a number of extensions. Please;see the references for more information.
Description:Summary:
Multiple security issues have been found in Thunderbird: Multiple memory
safety errors and use-after-frees may lead to the execution of arbitrary
code or denial of service.

Debian follows the Thunderbird upstream releases. Support for the 52.x
series has ended, so starting with this update we're now following the
60.x releases.

Between 52.x and 60.x, Thunderbird has undergone significant internal
updates, which makes it incompatible with a number of extensions. Please
see the references for more information.

Vulnerability Insight:
Thunderbird is an mail client suitable for free distribution. The goal of
Thunderbird is to produce a cross platform stand-alone mail application using
the XUL user interface language.
It supports different mail accounts, no matter of the used protocol like
POP(s) or IMAP(s), has an integrated learning Spam filter, and offers easy
organization of mails with tagging and virtual folders. Also, more features
can be added by installing extensions.

Affected Software/OS:
thunderbird on Debian Linux

Solution:
For Debian 8 'Jessie', these problems have been fixed in version
1:60.3.0-1~
deb8u1.

We recommend that you upgrade your thunderbird packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-5156
https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html
https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
Debian Security Information: DSA-4235 (Google Search)
https://www.debian.org/security/2018/dsa-4235
Debian Security Information: DSA-4295 (Google Search)
https://www.debian.org/security/2018/dsa-4295
https://security.gentoo.org/glsa/201810-01
https://security.gentoo.org/glsa/201811-13
RedHat Security Advisories: RHSA-2018:2112
https://access.redhat.com/errata/RHSA-2018:2112
RedHat Security Advisories: RHSA-2018:2113
https://access.redhat.com/errata/RHSA-2018:2113
https://usn.ubuntu.com/3705-1/
BugTraq ID: 104560
http://www.securityfocus.com/bid/104560
http://www.securitytracker.com/id/1041193
Common Vulnerability Exposure (CVE) ID: CVE-2018-5187
BugTraq ID: 104556
http://www.securityfocus.com/bid/104556
CopyrightCopyright (c) 2018 Greenbone Networks GmbH http://greenbone.net

This is only one of 71225 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.