Oracle Linux 8 : thunderbird (ELSA-2021-4130)

critical Nessus Plugin ID 154934

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-4130 advisory.

- The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. (CVE-2021-38503)

- When interacting with an HTML input element's file picker dialog with <code>webkitdirectory</code> set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash.
(CVE-2021-38504)

- Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing.
(CVE-2021-38506)

- The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage.
(CVE-2021-38507)

- By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. (CVE-2021-38508)

- Due to an unusual sequence of attacker-controlled events, a Javascript <code>alert()</code> dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. (CVE-2021-38509)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected thunderbird package.

See Also

https://linux.oracle.com/errata/ELSA-2021-4130.html

Plugin Details

Severity: Critical

ID: 154934

File Name: oraclelinux_ELSA-2021-4130.nasl

Version: 1.6

Type: local

Agent: unix

Published: 11/5/2021

Updated: 3/17/2022

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-38503

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:thunderbird

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 11/5/2021

Vulnerability Publication Date: 11/2/2021

Reference Information

CVE: CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509

IAVA: 2021-A-0527-S