The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-2888 advisory.

    [115.11.0-1.0.1]
    - Add Oracle prefs

    [115.11.0-1]
    - Update to 115.11.0 build2

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5693 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5693-1                   security@debian.org     https://www.debian.org/security/                       Moritz Muehlenhoff     May 17, 2024                          https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : thunderbird     CVE ID         : CVE-2024-4367 CVE-2024-4767 CVE-2024-4768 CVE-2024-4769                      CVE-2024-4770 CVE-2024-4777

    Multiple security issues were discovered in Thunderbird, which could     result in denial of service or the execution of arbitrary code.

    For the oldstable distribution (bullseye), these problems have been fixed     in version 1:115.11.0-1~deb11u1.

    For the stable distribution (bookworm), these problems have been fixed in     version 1:115.11.0-1~deb12u1.

    We recommend that you upgrade your thunderbird packages.

    For the detailed security status of thunderbird please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/thunderbird

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-eabe68b149 advisory.

    - new upstream update (126.0)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2906 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    This update upgrades Firefox to version 115.11.0 ESR.

    Security Fix(es):

    * firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367)

    * firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767)

    * firefox: Potential permissions request bypass via clickjacking (CVE-2024-4768)

    * firefox: Cross-origin responses could be distinguished between script and non-script content-types     (CVE-2024-4769)

    * firefox: Use-after-free could occur when printing to PDF (CVE-2024-4770)

    * firefox: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11     (CVE-2024-4777)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2911 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    This update upgrades Thunderbird to version 115.11.0.

    Security Fix(es):

    * firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367)

    * firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767)

    * firefox: Potential permissions request bypass via clickjacking (CVE-2024-4768)

    * firefox: Cross-origin responses could be distinguished between script and     non-script content-types (CVE-2024-4769)

    * firefox: Use-after-free could occur when printing to PDF (CVE-2024-4770)

    * firefox: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and     Thunderbird 115.11 (CVE-2024-4777)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2912 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    This update upgrades Thunderbird to version 115.11.0.

    Security Fix(es):

    * firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367)

    * firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767)

    * firefox: Potential permissions request bypass via clickjacking (CVE-2024-4768)

    * firefox: Cross-origin responses could be distinguished between script and     non-script content-types (CVE-2024-4769)

    * firefox: Use-after-free could occur when printing to PDF (CVE-2024-4770)

    * firefox: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and     Thunderbird 115.11 (CVE-2024-4777)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:2888 advisory.

  - A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution     in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird <     115.11. (CVE-2024-4367)

  - If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly     deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability     affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. (CVE-2024-4767)

  - A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user     into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird     < 115.11. (CVE-2024-4768)

  - When importing resources using Web Workers, error messages would distinguish the difference between     `application/javascript` responses and non-script responses. This could have been abused to learn     information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird     < 115.11. (CVE-2024-4769)

  - When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This     vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. (CVE-2024-4770)

  - Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and     Thunderbird < 115.11. (CVE-2024-4777)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f848ef90-1848-11ef-9850-001b217b3468 advisory.

    Gitlab reports:
    1-click account takeover via XSS in the code editor in gitlab.com     A DOS vulnerability in the 'description' field of the runner     CSRF via K8s cluster-integration     Using Set Pipeline Status of a Commit API incorrectly create a new pipeline when SHA and pipeline_id did     not match     Redos on wiki render API/Page     Resource exhaustion and denial of service with test_report API calls     Guest user can view dependency lists of private projects through job artifacts     Stored XSS via PDFjs

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution     in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird <     115.11. (CVE-2024-4367)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Published	Updated	Severity
197404	Oracle Linux 9 : thunderbird (ELSA-2024-2888)	Nessus	Oracle Linux Local Security Checks	5/17/2024	9/9/2025	high
197487	Debian dsa-5693 : thunderbird - security update	Nessus	Debian Local Security Checks	5/17/2024	1/23/2025	high
197492	Fedora 40 : firefox (2024-eabe68b149)	Nessus	Fedora Local Security Checks	5/18/2024	3/19/2025	high
197501	RHEL 9 : firefox (RHSA-2024:2906)	Nessus	Red Hat Local Security Checks	5/20/2024	1/23/2025	high
197507	RHEL 8 : thunderbird (RHSA-2024:2911)	Nessus	Red Hat Local Security Checks	5/20/2024	1/23/2025	high
197508	RHEL 8 : thunderbird (RHSA-2024:2912)	Nessus	Red Hat Local Security Checks	5/20/2024	1/23/2025	high
197536	AlmaLinux 9 : thunderbird (ALSA-2024:2888)	Nessus	Alma Linux Local Security Checks	5/21/2024	1/23/2025	high
197719	FreeBSD : Gitlab -- Vulnerabilities (f848ef90-1848-11ef-9850-001b217b3468)	Nessus	FreeBSD Local Security Checks	5/23/2024	1/23/2025	high
246176	Linux Distros Unpatched Vulnerability : CVE-2024-4367	Nessus	Misc.	8/8/2025	8/8/2025	high

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

high

high