Mozilla Thunderbird < 52.8

critical Nessus Plugin ID 275624

Synopsis

A mail client installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.

Description

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 52.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-13 advisory.

- Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. (CVE-2018-5183)

- Using remote content in encrypted messages can lead to the disclosure of plaintext. (CVE-2018-5184)

- A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. (CVE-2018-5154)

- A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. (CVE-2018-5155)

- An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. (CVE-2018-5159)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Mozilla Thunderbird version 52.8 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/

Plugin Details

Severity: Critical

ID: 275624

File Name: macos_thunderbird_52_8.nasl

Version: 1.1

Type: local

Agent: macosx

Published: 11/18/2025

Updated: 11/18/2025

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-5183

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:thunderbird

Required KB Items: installed_sw/Mozilla Thunderbird

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/18/2018

Vulnerability Publication Date: 5/9/2018

Reference Information

CVE: CVE-2018-5150, CVE-2018-5154, CVE-2018-5155, CVE-2018-5159, CVE-2018-5161, CVE-2018-5162, CVE-2018-5168, CVE-2018-5170, CVE-2018-5174, CVE-2018-5178, CVE-2018-5183, CVE-2018-5184, CVE-2018-5185