The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:7699 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * thunderbird: 115.16/128.3 ()

    * firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service     (CVE-2024-9399)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 131 and Thunderbird 131 (CVE-2024-9403)

    * firefox: thunderbird: Potential directory upload bypass via clickjacking (CVE-2024-9397)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3,     Thunderbird 131, and Thunderbird 128.3 (CVE-2024-9401)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and     Thunderbird 128.3 (CVE-2024-9402)

    * firefox: thunderbird: External protocol handlers could be enumerated via popups (CVE-2024-9398)

    * firefox: thunderbird: Potential memory corruption during JIT compilation (CVE-2024-9400)

    * firefox: thunderbird: Potential memory corruption may occur when cloning certain objects (CVE-2024-9396)

    * firefox: thunderbird: Cross-origin access to PDF contents through multipart responses (CVE-2024-9393)

    * firefox: thunderbird: Cross-origin access to JSON contents through multipart responses (CVE-2024-9394)

    * firefox: thunderbird: Compromised content process can bypass site isolation (CVE-2024-9392)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 : thunderbird (RHSA-2024:7699)

high Nessus Plugin ID 208239

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.4 Nov 6, 2024, 9:25 AM CVSSv2 score source (changed from "CVE-2024-9402" to "CVE-2024-9394") CVSSv3 score source (changed from "CVE-2024-9394" to none) Plugin Feed: 202411060925
Version 1.3 Nov 5, 2024, 6:29 PM CVSS metrics ("CVSSv2 score" set to 7.8) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N") CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202411051829
Version 1.2 Oct 16, 2024, 8:39 AM CVSS metrics ("CVSSv3 score" set to 7.5) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N") CVSSv3 score source (set to "CVE-2024-9394") Plugin Feed: 202410160839
Version 1.1 Oct 8, 2024, 1:07 AM New Plugin Feed: 202410080107