The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3281-1 advisory.

  - If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes     on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102,     Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. (CVE-2022-2200)

  - An OpenPGP digital signature includes information about the date when the signature was created. When     displaying an email that contains a digital signature, the email's date will be shown. If the dates were     different, then Thunderbird didn't report the email as having an invalid signature. If an attacker     performed a replay attack, in which an old email with old contents are resent at a later time, it could     lead the victim to believe that the statements in the email are current. Fixed versions of Thunderbird     will require that the signature's date roughly matches the displayed date of the email. This vulnerability     affects Thunderbird < 102 and Thunderbird < 91.11. (CVE-2022-2226)

  - Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.1, Firefox <     103, and Thunderbird < 102.1. (CVE-2022-2505)

  - When receiving an HTML email that contained an <code>iframe</code> element, which used a     <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested     document, for example images or videos, were not blocked. Rather, the network was accessed, the objects     were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
    (CVE-2022-3032)

  - If a Thunderbird user replied to a crafted HTML email containing a <code>meta</code> tag, with the     <code>meta</code> tag having the <code>http-equiv=refresh</code> attribute, and the content attribute     specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration     to block remote content. In combination with certain other HTML elements and attributes in the email, it     was possible to execute JavaScript code included in the message in the context of the message compose     document. The JavaScript code was able to perform actions including, but probably not limited to, read and     modify the contents of the message compose document, including the quoted original message, which could     potentially contain the decrypted plaintext of encrypted data in the crafted email. The contents could     then be transmitted to the network, either to the URL specified in the META refresh tag, or to a different     URL, as the JavaScript code could modify the URL specified in the document. This bug doesn't affect users     who have changed the default Message Body display setting to 'simple html' or 'plain text'. This     vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1. (CVE-2022-3033)

  - When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location,     a request to the remote document was sent. However, Thunderbird didn't display the document. This     vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1. (CVE-2022-3034)

  - An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and     in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11,     Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101. (CVE-2022-31744)

  - An iframe that was not permitted to run scripts could do so if the user clicked on a     <code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird     < 102, and Thunderbird < 91.11. (CVE-2022-34468)

  - Session history navigations may have led to a use-after-free and potentially exploitable crash. This     vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
    (CVE-2022-34470)

  - If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have     been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox < 102,     Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. (CVE-2022-34472)

  - The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to     Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had     known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so     in this release Thunderbird has blocked these protocols from prompting the user to open them.<br>*This bug     only affects Thunderbird on Windows. Other operating systems are unaffected.*. This vulnerability affects     Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. (CVE-2022-34478)

  - A malicious website that could create a popup could have resized the popup to overlay the address bar with     its own content, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects     Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102,     Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. (CVE-2022-34479)

  - In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred     when the number of elements to replace was too large for the container. This vulnerability affects Firefox     < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. (CVE-2022-34481)

  - The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these     bugs showed evidence of memory corruption and we presume that with enough effort some of these could have     been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11,     Thunderbird < 102, and Thunderbird < 91.11. (CVE-2022-34484)

  - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0     events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from     functioning properly, potentially impacting the consumer's ability to process data safely. Note that the     matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to     the consumer. This issue has been fixed in matrix-js-sdk 19.4.0 and users are advised to upgrade. Users     unable to upgrade may mitigate this issue by redacting applicable events, waiting for the sync processor     to store data, and restarting the client. Alternatively, redacting the applicable events and clearing all     storage will often fix most perceived issues. In some cases, no workarounds are possible. (CVE-2022-36059)

  - When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that     would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for     Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox     < 103, and Thunderbird < 102.1. (CVE-2022-36314)

  - When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This     vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and     Thunderbird < 91.12. (CVE-2022-36318)

  - When combining CSS properties for overflow and transform, the mouse cursor could interact with different     coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox <     103, Thunderbird < 102.1, and Thunderbird < 91.12. (CVE-2022-36319)

  - An attacker could have abused XSLT error handling to associate attacker-controlled content with another     origin which was displayed in the address bar. This could have been used to fool the user into submitting     data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13,     Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104. (CVE-2022-38472)

  - A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as     microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox     ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104. (CVE-2022-38473)

  - A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-     free vulnerability. In Firefox, this lock protected the data when a user changed their master password.
    This vulnerability affects Firefox ESR < 102.2 and Thunderbird < 102.2. (CVE-2022-38476)

  - Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox     103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that     with enough effort some of these could have been exploited to run arbitrary code. This vulnerability     affects Firefox ESR < 102.2, Thunderbird < 102.2, and Firefox < 104. (CVE-2022-38477)

  - Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1,     and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects     Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
    (CVE-2022-38478)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2022:3281-1)

critical Nessus Plugin ID 165233

Version 1.9

Version 1.8

Version 1.7

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.9 Jul 14, 2023, 4:28 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Detection Plugin metadata Plugin Feed: 202307141628
Version 1.8 Jul 12, 2023, 5:37 PM Detection Plugin Feed: 202307121737
Version 1.7 Feb 8, 2023, 11:19 PM Logic Changes (Updated openSUSE package checks in SUSE plugins) Plugin Feed: 202302082319
Version 1.6 Feb 4, 2023, 12:45 AM Logic Changes (Added missing service packs to plugin checks) Plugin Feed: 202302040045
Version 1.5 Jan 21, 2023, 5:26 AM Logic Changes (Added package checks for openSuSE) Plugin Feed: 202301210526
Version 1.4 Jan 5, 2023, 6:23 PM CVSS metrics ("CVSSv3 score" changed from "8.8" to "9.8") CVSS metrics ("CVSSv3 vector" changed from "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") CVSS temporal metrics ("CVSSv3 temporal score" set to "8.5") CVSSv3 score source (set to "CVE-2022-34470") Plugin Feed: 202301051823
Version 1.3 Jan 2, 2023, 2:02 PM CVSS metrics ("CVSSv2 score" changed from "5.8" to "10.0") CVSS metrics ("CVSSv2 vector" changed from "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N" to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C") CVSS metrics ("CVSSv3 score" changed from "7.5" to "8.8") CVSS metrics ("CVSSv3 vector" changed from "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" to "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H") CVSSv2 score source (changed from "CVE-2022-3033" to "CVE-2022-38478") CVSSv2 severity (based on CVE-2022-38478, severity increased from "Medium" to "High") Plugin Feed: 202301021402