The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6075-1 advisory.

  - In multiple cases browser prompts could have been obscured by popups controlled by content. These could     have led to potential user confusion and spoofing attacks.  (CVE-2023-32205)

  - An out-of-bound read could have led to a crash in the RLBox Expat driver.  (CVE-2023-32206)

  - A missing delay in popup notifications could have made it possible for an attacker to trick a user into     granting permissions.  (CVE-2023-32207)

  - A type checking bug would have led to invalid code being compiled.  (CVE-2023-32211)

  - An attacker could have positioned a <code>datalist</code> element to obscure the address bar.
    (CVE-2023-32212)

  - When reading a file, an uninitialized value could have been used as read limit.  (CVE-2023-32213)

  - Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian     Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112     and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code.  (CVE-2023-32215)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : Thunderbird vulnerabilities (USN-6075-1)

high Nessus Plugin ID 175722

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.5 Oct 16, 2023, 7:25 PM Plugin metadata Detection Plugin Feed: 202310161925
Version 1.4 Jun 16, 2023, 8:11 AM IAVM reference Plugin Feed: 202306160811
Version 1.3 Jun 9, 2023, 7:18 PM CVSS metrics ("CVSSv2 score" changed from 7.5 to 10.0. "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P" to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C") Plugin Feed: 202306091918
Version 1.2 Jun 5, 2023, 2:15 PM CVSS metrics ("CVSSv3 score" changed from 9.8 to 8.8. "CVSSv3 vector" changed from "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" to "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H") CVSSv3 score source (set to "CVE-2023-32215") Plugin Feed: 202306051415
Version 1.1 May 16, 2023, 4:00 AM Detection Plugin Feed: 202305160400
Version 1.0 May 16, 2023, 2:02 AM New Plugin Feed: 202305160202