https://bugzilla.mozilla.org/show_bug.cgi?id=1533300

https://www.mozilla.org/security/advisories/mfsa2019-03/

The remote host is affected by the vulnerability described in GLSA-201904-07 (Mozilla Thunderbird and Firefox: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Mozilla Thunderbird and       Firefox. Please review the referenced Mozilla Foundation Security       Advisories and CVE identifiers below for details.
  Impact :

    Please review the referenced Mozilla Foundation Security Advisories and       CVE identifiers below for details.
  Workaround :

    There is no known workaround at this time.

Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code, denial of service or spoofing of S/MIME signatures.

The version of Thunderbird installed on the remote Windows host is prior to 60.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-03 advisory.

  - A use-after-free vulnerability can occur while parsing     an HTML5 stream in concert with custom HTML elements.
    This results in the stream parser object being freed     while still in use, leading to a potentially exploitable     crash. (CVE-2018-18500)

  - An earlier fix for an Inter-process Communication (IPC)     vulnerability, CVE-2011-3079, added authentication to     communication between IPC endpoints and server parents     during IPC process creation. This authentication is     insufficient for channels created after the IPC process     is started, leading to the authentication not being     correctly applied to later channels. This could allow     for a sandbox escape through IPC channels due to lack of     message validation in the listener process.
    (CVE-2018-18505)

  - A vulnerability in the Libical libary used by     Thunderbird can allow remote attackers to cause a denial     of service (use-after-free) via a crafted ICS calendar     file. (CVE-2016-5824)

  - Mozilla developers and community members Alex Gaynor,     Christoph Diehl, Steven Crane, Jason Kratzer, Gary     Kwong, and Christian Holler reported memory safety bugs     present in Firefox 64, Firefox ESR 60.4, and Thunderbird     60.4. Some of these bugs showed evidence of memory     corruption and we presume that with enough effort that     some of these could be exploited to run arbitrary code.
    (CVE-2018-18501)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 60.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-03 advisory.

  - A use-after-free vulnerability can occur while parsing     an HTML5 stream in concert with custom HTML elements.
    This results in the stream parser object being freed     while still in use, leading to a potentially exploitable     crash. (CVE-2018-18500)

  - An earlier fix for an Inter-process Communication (IPC)     vulnerability, CVE-2011-3079, added authentication to     communication between IPC endpoints and server parents     during IPC process creation. This authentication is     insufficient for channels created after the IPC process     is started, leading to the authentication not being     correctly applied to later channels. This could allow     for a sandbox escape through IPC channels due to lack of     message validation in the listener process.
    (CVE-2018-18505)

  - A vulnerability in the Libical libary used by     Thunderbird can allow remote attackers to cause a denial     of service (use-after-free) via a crafted ICS calendar     file. (CVE-2016-5824)

  - Mozilla developers and community members Alex Gaynor,     Christoph Diehl, Steven Crane, Jason Kratzer, Gary     Kwong, and Christian Holler reported memory safety bugs     present in Firefox 64, Firefox ESR 60.4, and Thunderbird     60.4. Some of these bugs showed evidence of memory     corruption and we presume that with enough effort that     some of these could be exploited to run arbitrary code.
    (CVE-2018-18501)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
123581	GLSA-201904-07 : Mozilla Thunderbird and Firefox: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
122269	Debian DSA-4392-1 : thunderbird - security update	Nessus	Debian Local Security Checks	high
121600	Mozilla Thunderbird < 60.5	Nessus	Windows	high
121599	Mozilla Thunderbird < 60.5	Nessus	MacOS X Local Security Checks	high

CVE-2018-18513

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

high