The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5744 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5744-1                   security@debian.org     https://www.debian.org/security/                       Moritz Muehlenhoff     August 08, 2024                       https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : thunderbird     CVE ID         : CVE-2024-7519 CVE-2024-7521 CVE-2024-7522 CVE-2024-7525                      CVE-2024-7526 CVE-2024-7527 CVE-2024-7529

    Multiple security issues were discovered in Thunderbird, which could     result in denial of service or the execution of arbitrary code.

    For the oldstable distribution (bullseye), these problems have been fixed     in version 1:115.14.0-1~deb11u1.

    For the stable distribution (bookworm), these problems have been fixed in     version 1:115.14.0-1~deb12u1.

    We recommend that you upgrade your thunderbird packages.

    For the detailed security status of thunderbird please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/thunderbird

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dsa-5744 : thunderbird - security update

critical Nessus Plugin ID 205224

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.5 Sep 6, 2024, 10:36 AM IAVM reference Plugin Feed: 202409061036
Version 1.4 Aug 15, 2024, 4:15 PM Detection (updated detection logic) Plugin metadata Plugin Feed: 202408151615
Version 1.3 Aug 15, 2024, 10:23 AM Detection (updated detection logic) Plugin metadata Plugin Feed: 202408151023
Version 1.2 Aug 13, 2024, 9:21 AM CVSS metrics ("CVSSv2 score" set to 10.0) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C") CVSS metrics ("CVSSv3 score" set to 9.6) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H") CVSSv2 score source (changed from "CVE-2024-7526" to "CVE-2024-7527") CVSSv2 severity (based on CVE-2024-7527, severity increased from "Medium" to "High") CVSSv3 score source (changed from "CVE-2024-7521" to "CVE-2024-7519") Plugin Feed: 202408130921
Version 1.1 Aug 9, 2024, 1:42 AM New Plugin Feed: 202408090142