The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5385 advisory.

    Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially     result in the execution of arbitrary code or spoofing. For the stable distribution (bullseye), these     problems have been fixed in version 102.10.0esr-1~deb11u1. We recommend that you upgrade your firefox-esr     packages. For the detailed security status of firefox-esr please refer to its security tracker page at:
    https://security-tracker.debian.org/tracker/firefox-esr

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of mozilla-thunderbird installed on the remote host is prior to 102.10.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-102-01 advisory.

  - OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and     revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug.
    (CVE-2023-0547)

  - Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially     exploitable crash.  (CVE-2023-1945)

  - Certain malformed OpenPGP messages could trigger incorrect parsing of PKESK/SKESK packets due to a bug in     the Ribose RNP library used by Thunderbird up to version 102.9.1, which would cause the Thunderbird user     interface to hang. The issue was discovered using Google's oss-fuzz.  (CVE-2023-29479)

  - An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory     corruption and a potentially exploitable crash. This bug only affects Firefox for macOS. Other operating     systems are unaffected.  (CVE-2023-29531)

  - A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by     pointing the service at an update file on a malicious SMB server. The update file can be replaced after     the signature check, before the use, because the write-lock requested by the service does not work on a     SMB server. Note: This attack requires local system access and only affects Windows. Other operating     systems are not affected.  (CVE-2023-29532)

  - A website could have obscured the fullscreen notification by using a combination of     <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and     <code>setInterval</code> calls. This could have led to user confusion and possible spoofing attacks.
    (CVE-2023-29533)

  - Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly     traced. This resulted in memory corruption and a potentially exploitable crash.  (CVE-2023-29535)

  - An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-     controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash.
    (CVE-2023-29536)

  - When handling the filename directive in the Content-Disposition header, the filename would be truncated if     the filename contained a NULL character. This could have led to reflected file download attacks     potentially tricking users to install malware.  (CVE-2023-29539)

  - Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be     interpreted to run attacker-controlled commands.  This bug only affects Firefox for Linux on certain     Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected     Linux Distributions.  (CVE-2023-29541)

  - A newline in a filename could have been used to bypass the file extension security mechanisms that replace     malicious file extensions such as .lnk  with .download. This could have led to accidental execution of     malicious code. This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.
    (CVE-2023-29542)

  - Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing     environment variable names would have resolved those in the context of the current user.  This bug only     affects Firefox on Windows. Other versions of Firefox are unaffected.  (CVE-2023-29545)

  - A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result.
    (CVE-2023-29548)

  - Mozilla developers Randell Jesup, Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla     Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code.  (CVE-2023-29550)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1787 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 102.10.0 ESR.

    Security Fix(es):

    * MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102)

    * Mozilla: Fullscreen notification obscured (CVE-2023-29533)

    * Mozilla: Potential Memory Corruption following Garbage Collector compaction (CVE-2023-29535)

    * Mozilla: Invalid free from JavaScript code (CVE-2023-29536)

    * Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 (CVE-2023-29550)

    * Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945)

    * Mozilla: Content-Disposition filename truncation leads to Reflected File Download (CVE-2023-29539)

    * Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux (CVE-2023-29541)

    * Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1855-1 advisory.

  - Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially     exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10.
    (CVE-2023-1945)

  - An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory     corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS.
    Other operating systems are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10,     and Thunderbird < 102.10. (CVE-2023-29531)

  - A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by     pointing the service at an update file on a malicious SMB server. The update file can be replaced after     the signature check, before the use, because the write-lock requested by the service does not work on a     SMB server. *Note: This attack requires local system access and only affects Windows. Other operating     systems are not affected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird     < 102.10. (CVE-2023-29532)

  - A website could have obscured the fullscreen notification by using a combination of     <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and     <code>setInterval</code> calls. This could have led to user confusion and possible spoofing attacks. This     vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android <     112, and Thunderbird < 102.10. (CVE-2023-29533)

  - Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly     traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects     Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird <     102.10. (CVE-2023-29535)

  - An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-     controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This     vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android <     112, and Thunderbird < 102.10. (CVE-2023-29536)

  - When handling the filename directive in the Content-Disposition header, the filename would be truncated if     the filename contained a NULL character. This could have led to reflected file download attacks     potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android     < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. (CVE-2023-29539)

  - Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be     interpreted to run attacker-controlled commands. <br>*This bug only affects Firefox for Linux on certain     Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected     Linux Distributions.*. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR <     102.10, Firefox for Android < 112, and Thunderbird < 102.10. (CVE-2023-29541)

  - A newline in a filename could have been used to bypass the file extension security mechanisms that replace     malicious file extensions such as .lnk with .download. This could have led to accidental execution of     malicious code. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and     Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and     Thunderbird < 102.10. (CVE-2023-29542)

  - Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing     environment variable names would have resolved those in the context of the current user. *This bug only     affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.*     This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. (CVE-2023-29545)

  - A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This     vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android <     112, and Thunderbird < 102.10. (CVE-2023-29548)

  - Mozilla developers Randell Jesup, Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla     Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112,     Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. (CVE-2023-29550)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1810 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    This update upgrades Thunderbird to version 102.10.0.

    Security Fix(es):

    * Thunderbird: Revocation status of S/Mime recipient certificates was not checked (CVE-2023-0547)

    * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack (CVE-2023-28427)

    * Mozilla: Fullscreen notification obscured (CVE-2023-29533)

    * Mozilla: Potential Memory Corruption following Garbage Collector compaction (CVE-2023-29535)

    * Mozilla: Invalid free from JavaScript code (CVE-2023-29536)

    * Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 (CVE-2023-29550)

    * Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945)

    * Thunderbird: Hang when processing certain OpenPGP messages (CVE-2023-29479)

    * Mozilla: Content-Disposition filename truncation leads to Reflected File Download (CVE-2023-29539)

    * Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux (CVE-2023-29541)

    * Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548)

    * MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1804 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    This update upgrades Thunderbird to version 102.10.0.

    Security Fix(es):

    * Thunderbird: Revocation status of S/Mime recipient certificates was not checked (CVE-2023-0547)

    * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack (CVE-2023-28427)

    * Mozilla: Fullscreen notification obscured (CVE-2023-29533)

    * Mozilla: Potential Memory Corruption following Garbage Collector compaction (CVE-2023-29535)

    * Mozilla: Invalid free from JavaScript code (CVE-2023-29536)

    * Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 (CVE-2023-29550)

    * Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945)

    * Thunderbird: Hang when processing certain OpenPGP messages (CVE-2023-29479)

    * Mozilla: Content-Disposition filename truncation leads to Reflected File Download (CVE-2023-29539)

    * Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux (CVE-2023-29541)

    * Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548)

    * MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-1791 advisory.

    [102.10.0-1.0.1]
    - Remove upstream references [Orabug: 30143292]
    - Update distribution for Oracle Linux [Orabug: 30143292]
    - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file

    [102.10.0-1]
    - Update to 102.10.0 build1

    [102.9.0-4]
    - Update to 102.9.0 build2

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1802 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    This update upgrades Thunderbird to version 102.10.0.

    Security Fix(es):

    * Thunderbird: Revocation status of S/Mime recipient certificates was not checked (CVE-2023-0547)

    * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack (CVE-2023-28427)

    * Mozilla: Fullscreen notification obscured (CVE-2023-29533)

    * Mozilla: Potential Memory Corruption following Garbage Collector compaction (CVE-2023-29535)

    * Mozilla: Invalid free from JavaScript code (CVE-2023-29536)

    * Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 (CVE-2023-29550)

    * Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945)

    * Thunderbird: Hang when processing certain OpenPGP messages (CVE-2023-29479)

    * Mozilla: Content-Disposition filename truncation leads to Reflected File Download (CVE-2023-29539)

    * Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux (CVE-2023-29541)

    * Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548)

    * MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-1809 advisory.

    [102.10.0-2.0.1]
    - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js

    [102.10.0-2]
    - Update to 102.10.0 build2

    [102.10.0-1]
    - Update to 102.10.0 build1

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:1809 advisory.

  - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0     events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from     functioning properly, potentially impacting the consumer's ability to process data safely. Note that the     matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to     the consumer. This vulnerability is distinct from GHSA-rfv9-x7hh-xc32 which covers a similar issue. The     issue has been patched in matrix-js-sdk 24.0.0 and users are advised to upgrade. There are no known     workarounds for this vulnerability. (CVE-2023-28427)

  - Ribose RNP before 0.16.3 may hang when the input is malformed. (CVE-2023-29479)

  - OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and     revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug.
    (CVE-2023-0547)

  - Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially     exploitable crash.  (CVE-2023-1945)

  - A website could have obscured the fullscreen notification by using a combination of     <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and     <code>setInterval</code> calls. This could have led to user confusion and possible spoofing attacks.
    (CVE-2023-29533)

  - Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly     traced. This resulted in memory corruption and a potentially exploitable crash.  (CVE-2023-29535)

  - An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-     controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash.
    (CVE-2023-29536)

  - When handling the filename directive in the Content-Disposition header, the filename would be truncated if     the filename contained a NULL character. This could have led to reflected file download attacks     potentially tricking users to install malware.  (CVE-2023-29539)

  - Thunderbird did not properly handle downloads of files ending in <code>.desktop</code>, which can be     interpreted to run attacker-controlled commands.  This bug only affects Thunderbird for Linux on certain     Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected     Linux Distributions.  (CVE-2023-29541)

  - A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result.
    (CVE-2023-29548)

  - Mozilla developers Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team     reported memory safety bugs present in Thunderbird 102.9. Some of these bugs showed evidence of memory     corruption and we presume that with enough effort some of these could have been exploited to run arbitrary     code.  (CVE-2023-29550)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
174214	Debian DSA-5385-1 : firefox-esr - security update	Nessus	Debian Local Security Checks	4/13/2023	1/24/2025	high
174243	Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2023-102-01)	Nessus	Slackware Local Security Checks	4/13/2023	7/10/2023	critical
174343	RHEL 8 : firefox (RHSA-2023:1787)	Nessus	Red Hat Local Security Checks	4/14/2023	11/7/2024	high
174372	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2023:1855-1)	Nessus	SuSE Local Security Checks	4/15/2023	7/14/2023	critical
174406	RHEL 9 : thunderbird (RHSA-2023:1810)	Nessus	Red Hat Local Security Checks	4/17/2023	11/7/2024	high
174412	RHEL 8 : thunderbird (RHSA-2023:1804)	Nessus	Red Hat Local Security Checks	4/17/2023	11/7/2024	high
174417	Oracle Linux 7 : firefox (ELSA-2023-1791)	Nessus	Oracle Linux Local Security Checks	4/17/2023	10/22/2024	high
174420	RHEL 8 : thunderbird (RHSA-2023:1802)	Nessus	Red Hat Local Security Checks	4/17/2023	11/7/2024	high
174433	Oracle Linux 9 : thunderbird (ELSA-2023-1809)	Nessus	Oracle Linux Local Security Checks	4/18/2023	10/22/2024	high
174797	Rocky Linux 9 : thunderbird (RLSA-2023:1809)	Nessus	Rocky Linux Local Security Checks	4/26/2023	6/9/2023	high

Detections

Analytics

Plugins Search

high

critical

high

critical

high

high

high

high

high

high