| Beschreibung: | Summary:
The remote host is missing an update for the 'thunderbird'
package(s) announced via the referenced advisory.
Vulnerability Insight:
Multiple security issues were discovered in
Thunderbird. If a user were tricked in to opening a specially crafted message,
an attacker could potentially exploit these to read uninitialized memory, cause
a denial of service via application crash, or execute arbitrary code.
(CVE-2017-5429, CVE-2017-5430, CVE-2017-5436, CVE-2017-5443, CVE-2017-5444,
CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5461, CVE-2017-5467)
Multiple security issues were discovered in Thunderbird. If a user were tricked
in to opening a specially crafted website in a browsing context, an attacker
could potentially exploit these to spoof the addressbar contents, conduct
cross-site scripting (XSS) attacks, cause a denial of service via application
crash, or execute arbitrary code. (CVE-2017-5432, CVE-2017-5433, CVE-2017-5434,
CVE-2017-5435, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440,
CVE-2017-5441, CVE-2017-5442, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454,
CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466,
CVE-2017-5469, CVE-2017-10195, CVE-2017-10196, CVE-2017-10197) A flaw was
discovered in the DRBG number generation in NSS. If an attacker were able to
perform a man-in-the-middle attack, this flaw could potentially be exploited to
view sensitive information. (CVE-2017-5462)
Affected Software/OS:
thunderbird on Ubuntu 17.04,
Ubuntu 16.10,
Ubuntu 16.04 LTS,
Ubuntu 14.04 LTS
Solution:
Please Install the Updated Packages.
CVSS Score:
7.5
CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
