Test Kennung:	1.3.6.1.4.1.25623.1.0.884274
Kategorie:	CentOS Local Security Checks
Titel:	CentOS: Security Advisory for thunderbird (CESA-2023:0817)
Zusammenfassung:	The remote host is missing an update for the 'thunderbird'; package(s) announced via the CESA-2023:0817 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'thunderbird' package(s) announced via the CESA-2023:0817 advisory. Vulnerability Insight: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Security Fix(es): * Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767) * Mozilla: Content security policy leak in violation reports using iframes (CVE-2023-25728) * Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730) * Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-25735) * Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry (CVE-2023-25737) * Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ ScriptLoadContext (CVE-2023-25739) * Mozilla: Fullscreen notification not shown in Firefox Focus (CVE-2023-25743) * Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 (CVE-2023-25744) * Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746) * Mozilla: Extensions could have opened external schemes without user knowledge (CVE-2023-25729) * Mozilla: Out of bounds memory write from EncodeInputStream (CVE-2023-25732) * Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP (CVE-2023-0616) * Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'thunderbird' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2023-0616 https://bugzilla.mozilla.org/show_bug.cgi?id=1806507 https://www.mozilla.org/security/advisories/mfsa2023-07/ Common Vulnerability Exposure (CVE) ID: CVE-2023-0767 https://alas.aws.amazon.com/AL2/ALAS-2023-1992.html https://bugzilla.mozilla.org/show_bug.cgi?id=1804640 https://www.mozilla.org/security/advisories/mfsa2023-05/ https://www.mozilla.org/security/advisories/mfsa2023-06/ Common Vulnerability Exposure (CVE) ID: CVE-2023-25728 https://bugzilla.mozilla.org/show_bug.cgi?id=1790345 Common Vulnerability Exposure (CVE) ID: CVE-2023-25729 https://bugzilla.mozilla.org/show_bug.cgi?id=1792138 Common Vulnerability Exposure (CVE) ID: CVE-2023-25730 https://bugzilla.mozilla.org/show_bug.cgi?id=1794622 Common Vulnerability Exposure (CVE) ID: CVE-2023-25732 https://bugzilla.mozilla.org/show_bug.cgi?id=1804564 Common Vulnerability Exposure (CVE) ID: CVE-2023-25735 https://bugzilla.mozilla.org/show_bug.cgi?id=1810711 Common Vulnerability Exposure (CVE) ID: CVE-2023-25737 https://bugzilla.mozilla.org/show_bug.cgi?id=1811464 Common Vulnerability Exposure (CVE) ID: CVE-2023-25739 https://bugzilla.mozilla.org/show_bug.cgi?id=1811939 Common Vulnerability Exposure (CVE) ID: CVE-2023-25742 https://bugzilla.mozilla.org/show_bug.cgi?id=1813424 Common Vulnerability Exposure (CVE) ID: CVE-2023-25743 https://bugzilla.mozilla.org/show_bug.cgi?id=1800203 Common Vulnerability Exposure (CVE) ID: CVE-2023-25744 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536 Common Vulnerability Exposure (CVE) ID: CVE-2023-25746 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544127%2C1762368
Copyright	Copyright (C) 2023 Greenbone Networks GmbH

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.