The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:2252 advisory.

  - Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 (CVE-2018-5188)

  - Mozilla: Buffer overflow using computed size of canvas element (CVE-2018-12359)

  - Mozilla: Use-after-free using focus() (CVE-2018-12360)

  - Mozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362)

  - Mozilla: Use-after-free when appending DOM nodes (CVE-2018-12363)

  - Mozilla: CSRF attacks through 307 redirects and NPAPI plugins (CVE-2018-12364)

  - Mozilla: Compromised IPC child process can list local filenames (CVE-2018-12365)

  - Mozilla: Invalid data handling during QCMS transformations (CVE-2018-12366)

  - thunderbird: S/MIME and PGP decryption oracles can be built with HTML emails (CVE-2018-12372)

  - thunderbird: S/MIME plaintext can be leaked through HTML reply/forward (CVE-2018-12373)

  - thunderbird: Using form to exfiltrate encrypted mail part by pressing enter in form field (CVE-2018-12374)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : thunderbird (RHSA-2018:2252)

critical Nessus Plugin ID 111323

Version 1.15

Version 1.14

Version 1.15 Sep 3, 2024, 7:13 AM Exploit attributes ("Exploit available" set to "False") Exploit attributes ("Exploitability ease" set to "No known exploits are available") Plugin Feed: 202409030713
Version 1.14 Apr 28, 2024, 2:25 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C") CVSSv2 score source (set to "CVE-2018-5188") Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202404281425