Test ID:	1.3.6.1.4.1.25623.1.0.843592
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3714-1)
Summary:	The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-3714-1 advisory.
Description:	Summary: The remote host is missing an update for the 'thunderbird' package(s) announced via the USN-3714-1 advisory. Vulnerability Insight: Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass CORS restrictions, obtain sensitive information, or execute arbitrary code. (CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366) It was discovered that S/MIME and PGP decryption oracles can be built with HTML emails. An attacker could potentially exploit this to obtain sensitive information. (CVE-2018-12372) It was discovered that S/MIME plaintext can be leaked through HTML reply/forward. An attacker could potentially exploit this to obtain sensitive information. (CVE-2018-12373) It was discovered that forms can be used to exfiltrate encrypted mail parts by pressing enter in a form field. An attacker could potentially exploit this to obtain sensitive information. (CVE-2018-12374) Affected Software/OS: 'thunderbird' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 17.10, Ubuntu 18.04. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-12359 BugTraq ID: 104555 http://www.securityfocus.com/bid/104555 Debian Security Information: DSA-4235 (Google Search) https://www.debian.org/security/2018/dsa-4235 Debian Security Information: DSA-4244 (Google Search) https://www.debian.org/security/2018/dsa-4244 https://security.gentoo.org/glsa/201810-01 https://security.gentoo.org/glsa/201811-13 https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html RedHat Security Advisories: RHSA-2018:2112 https://access.redhat.com/errata/RHSA-2018:2112 RedHat Security Advisories: RHSA-2018:2113 https://access.redhat.com/errata/RHSA-2018:2113 RedHat Security Advisories: RHSA-2018:2251 https://access.redhat.com/errata/RHSA-2018:2251 RedHat Security Advisories: RHSA-2018:2252 https://access.redhat.com/errata/RHSA-2018:2252 http://www.securitytracker.com/id/1041193 https://usn.ubuntu.com/3705-1/ https://usn.ubuntu.com/3714-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-12360 Common Vulnerability Exposure (CVE) ID: CVE-2018-12362 BugTraq ID: 104560 http://www.securityfocus.com/bid/104560 Common Vulnerability Exposure (CVE) ID: CVE-2018-12363 Common Vulnerability Exposure (CVE) ID: CVE-2018-12364 Common Vulnerability Exposure (CVE) ID: CVE-2018-12365 Common Vulnerability Exposure (CVE) ID: CVE-2018-12366 Common Vulnerability Exposure (CVE) ID: CVE-2018-12372 BugTraq ID: 104613 http://www.securityfocus.com/bid/104613 Common Vulnerability Exposure (CVE) ID: CVE-2018-12373 Common Vulnerability Exposure (CVE) ID: CVE-2018-12374 Common Vulnerability Exposure (CVE) ID: CVE-2018-5188 https://usn.ubuntu.com/3749-1/
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.