The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0450 advisory.

    Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:

    CVE-2023-3417:
    Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could     be incorrectly shown as being a document file, while in  fact it was an executable file. Newer versions of     Thunderbird will strip the character and show the correct file extension. This vulnerability affects     Thunderbird < 115.0.1 and Thunderbird < 102.13.1.

    CVE-2023-29479:
    Ribose RNP before 0.16.3 may hang when the input is malformed.

    CVE-2023-28427:
    matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0     events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from     functioning properly, potentially impacting the consumer/'s ability to process data safely. Note that the     matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to     the consumer. This vulnerability is distinct from GHSA-rfv9-x7hh-xc32 which covers a similar issue. The     issue has been patched in matrix-js-sdk 24.0.0 and users are advised to upgrade. There are no known     workarounds for this vulnerability.

    CVE-2023-1945:
    Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially     exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10.

    CVE-2023-0547:
    OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and     revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug.
    This vulnerability affects Thunderbird < 102.10.

    CVE-2023-44488:
    VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.

    CVE-2023-32206:
    An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects     Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

    CVE-2023-32205:
    In multiple cases browser prompts could have been obscured by popups controlled by content. These could     have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113,     Firefox ESR < 102.11, and Thunderbird < 102.11.

    CVE-2023-32211:
    A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox <     113, Firefox ESR < 102.11, and Thunderbird < 102.11.

    CVE-2023-32207:
    A missing delay in popup notifications could have made it possible for an attacker to trick a user into     granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird <     102.11.

    CVE-2023-32212:
    An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This     vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

    CVE-2023-32213:
    When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects     Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

    CVE-2023-32215:
    Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian     Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112     and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects     Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

    CVE-2023-37201:
    An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.
    This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

    CVE-2023-37202:
    Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to     be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115,     Firefox ESR < 102.13, and Thunderbird < 102.13.

    CVE-2023-37207:
    A website could have obscured the fullscreen notification by using a URL with a scheme handled by an     external program, such as a mailto URL. This could have led to user confusion and possible spoofing     attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

    CVE-2023-4055:
    When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the     host was no longer consistent with expected cookie jar state. This could have caused requests to be sent     with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR     < 115.1.

    CVE-2023-4574:
    When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks     could have been created at a time and eventually all simultaneously destroyed as soon as one of the     callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This     vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.

    CVE-2023-4573:
    When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could     have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox <     117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.

    CVE-2023-4581:
    Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed     them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox <     117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

    CVE-2023-4045:
    Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image     data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116,     Firefox ESR < 102.14, and Firefox ESR < 115.1.

    CVE-2023-4053:
    A website could have obscured the full screen notification by using a URL with a scheme handled by an     external program, such as a mailto URL. This could have led to user confusion and possible spoofing     attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.

    CVE-2023-4580:
    Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing     the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and     Thunderbird < 115.2.

    CVE-2023-4051:
    A website could have obscured the full screen notification by using the file open dialog. This could have     led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR     < 115.2, and Thunderbird < 115.2.

    CVE-2023-4578:
    When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling     `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is     available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax     Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

    CVE-2023-4049:
    Race conditions in reference counting code were found through code inspection. These could have resulted     in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116,     Firefox ESR < 102.14, and Firefox ESR < 115.1.

    CVE-2023-4046:
    In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This     resulted in incorrect compilation and a potentially exploitable crash in the content process. This     vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

    CVE-2023-4050:
    In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This     resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability     affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

    CVE-2023-29536:
    An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-     controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This     vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android <     112, and Thunderbird < 102.10.

    CVE-2023-29548:
    A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This     vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android <     112, and Thunderbird < 102.10.

    CVE-2023-29541:
    Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be     interpreted to run attacker-controlled commands. <br>*This bug only affects Firefox for Linux on certain     Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected     Linux Distributions.*. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR <     102.10, Firefox for Android < 112, and Thunderbird < 102.10.

    CVE-2023-29550:
    Mozilla developers Randell Jesup, Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla     Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112,     Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.

    CVE-2023-4048:
    An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low     memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR <     115.1.

    CVE-2023-4047:
    A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user     into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR     < 115.1.

    CVE-2023-5730:
    Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. This vulnerability affects Firefox < 119 and Firefox ESR < 115.4.
    The Mozilla Foundation Security Advisory describes this flaw as:
    Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code.

    CVE-2023-4863:
    Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform     an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

    CVE-2023-4585:
    Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and     Thunderbird < 115.2.

    CVE-2023-4584:
    Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and     Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough     effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox <     117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

    CVE-2023-4583:
    When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not     available then it was assumed to have already been discarded which was not always the case for private     channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR <     115.2, and Thunderbird < 115.2.

    CVE-2023-4577:
    When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage     collected prior to entering the function, which could potentially have led to an exploitable crash. This     vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

    CVE-2023-4575:
    When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could     have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks     finished. This could have led to a use-after-free causing a potentially exploitable crash. This     vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.

    CVE-2023-4057:
    Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and     Thunderbird < 115.1.

    CVE-2023-37211:
    Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and     Thunderbird < 102.13.

    CVE-2023-4056:
    Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and     Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects     Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

    CVE-2023-37208:
    When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.
    This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

    CVE-2023-34416:
    Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and     Thunderbird < 102.12.

    CVE-2023-34414:
    The error page for sites with invalid TLS certificates was missing the     activation-delay Firefox uses to protect prompts and permission dialogs     from attacks that exploit human response time delays. If a malicious     page elicited user clicks in precise locations immediately before     navigating to a site with a certificate error and made the renderer     extremely busy at the same time, it could create a gap between when     the error page was loaded and when the display actually refreshed.
    With the right timing the elicited clicks could land in that gap and     activate the button that overrides the certificate error for that site. This vulnerability affects Firefox     ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.

    CVE-2023-29539:
    When handling the filename directive in the Content-Disposition header, the filename would be truncated if     the filename contained a NULL character. This could have led to reflected file download attacks     potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android     < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.

    CVE-2023-29535:
    Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly     traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects     Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird <     102.10.

    CVE-2023-29533:
    A website could have obscured the fullscreen notification by using a combination of     <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and     <code>setInterval</code> calls. This could have led to user confusion and possible spoofing attacks. This     vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android <     112, and Thunderbird < 102.10.

    CVE-2023-1999:
    There exists a use after free/double free in libwebp. An attacker can use theApplyFiltersAndEncode()     function and loop through to free best.bw and assign best = trial pointer. The second loop will then     return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the     AddressSanitizer will attempt a double free.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

TencentOS Server 4: thunderbird (TSSA-2024:0450)

critical Nessus Plugin ID 239763

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.4 Dec 5, 2025, 5:34 AM Detection (updated detection logic) Plugin Feed: 202512050534
Version 1.3 Nov 23, 2025, 9:24 PM CISA reference Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202511232124
Version 1.2 Nov 21, 2025, 2:12 PM CVE (set "CVE" coverage to "CVE-2023-0547,CVE-2023-1945,CVE-2023-1999,CVE-2023-28427,CVE-2023-29479,CVE-2023-29533,CVE-2023-29535,CVE-2023-29536,CVE-2023-29539,CVE-2023-29541,CVE-2023-29548,CVE-2023-29550,CVE-2023-32205,CVE-2023-32206,CVE-2023-32207,CVE-2023-32211,CVE-2023-32212,CVE-2023-32213,CVE-2023-32215,CVE-2023-3417,CVE-2023-34414,CVE-2023-34416,CVE-2023-37201,CVE-2023-37202,CVE-2023-37207,CVE-2023-37208,CVE-2023-37211,CVE-2023-4045,CVE-2023-4046,CVE-2023-4047,CVE-2023-4048,CVE-2023-4049,CVE-2023-4050,CVE-2023-4051,CVE-2023-4053,CVE-2023-4055,CVE-2023-4056,CVE-2023-4057,CVE-2023-44488,CVE-2023-4573,CVE-2023-4574,CVE-2023-4575,CVE-2023-4577,CVE-2023-4578,CVE-2023-4580,CVE-2023-4581,CVE-2023-4583,CVE-2023-4584,CVE-2023-4585,CVE-2023-4863,CVE-2023-5730") CVSS metrics ("CVSSv2 score" set to 10.0) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C") CVSS metrics ("CVSSv3 score" set to 9.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") CVSSv2 score source (set to "CVE-2023-5730") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin metadata Plugin Feed: 202511211412
Version 1.1 Jun 17, 2025, 2:02 AM New Plugin Feed: 202506170202