| VID |
14241 |
| Severity |
40 |
| Port |
22 |
| Protocol |
TCP |
| Class |
LSC |
| Detailed Description |
The remote system does not apply USN-4064-1 which is Thunderbird security update. The system which does not apply the update is affected by the following vulnerabilities:
- Sandbox escape via installation of malicious language pack (CVE-2019-9811)
- Memory safety bugs exist. (CVE-2019-11709)
- Script injection within domain through inner window reuse (CVE-2019-11711)
- Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (CVE-2019-11712)
- Use-after-free with HTTP/2 cached stream (CVE-2019-11713)
- HTML parsing error can contribute to content XSS (CVE-2019-11715)
- Caret character improperly escaped in origins (CVE-2019-11717)
- NSS incorrectly handled importing certain curve25519 private keys, which results in a denial of service, or possibly obtain sensitive information. (CVE-2019-11719)
- NSS incorrectly handled certain p256-ECDH public keys. which results in a denial of service. (CVE-2019-11729)
- Same-origin policy treats all files in a directory as having the same-origin (CVE-2019-11730)
Note: This check solely relied on the Thunderbird DPKG version of the remote system to assess this vulnerability, so this might be a false positive.
* References:
https://usn.ubuntu.com/4064-1/
* Platforms Affected:
Ubuntu 16.04 LTS
Ubuntu 18.04 LTS |
| Recommendation |
For a command line interface, use the following command to update the operating system:
# apt-get upgrade |
| Related URL |
CVE-2019-11709,CVE-2019-11711,CVE-2019-11712,CVE-2019-11713,CVE-2019-11715,CVE-2019-11717,CVE-2019-11719,CVE-2019-11729,CVE-2019-11730 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
