New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 6.7
SynopsisThe remote Amazon Linux 2 host is missing a security update.
DescriptionThe following CVEs are fixed in the updated thunderbird package :
CVE-2018-5161 : Hang via malformed headers
CVE-2018-5162 : Encrypted mail leaks plaintext through src attribute
CVE-2018-5183 : Backport critical security fixes in Skia
CVE-2018-5155 : Use-after-free with SVG animations and text paths
CVE-2018-5170 : Filename spoofing for external attachments
CVE-2018-5184 : Full plaintext recovery in S/MIME via chosen-ciphertext attack
CVE-2018-5159 : Integer overflow and out-of-bounds write in Skia
CVE-2018-5178 : Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
CVE-2018-5168 : Lightweight themes can be installed without user interaction
CVE-2018-5150 : Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
CVE-2018-5154 : Use-after-free with SVG animations and clip paths
CVE-2018-5185 : Leaking plaintext through HTML forms
SolutionRun 'yum update thunderbird' to update your system.