icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Mozilla Thunderbird < 3.0.4 Multiple Vulnerabilities

High

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

The remote host is running a version of Mozilla Thunderbird earlier than 3.0.4. Such versions are potentially affected by multiple security issues :

- Multiple crashes can result in arbitrary code execution. (MFSA 2010-16)

- A select event handler for XUL tree items can be called after the item is deleted. (MFSA 2010-17)

- An error exists in the way '<option>' elements are inserted into a XUL tree '<optgroup>'. (MFSA 2010-18)

Session renegotiations are not handled properly, which can be exploited to insert arbitrary plaintext by a man-in-the-middle. (MFSA 2010-22)

- XML documents fail to call certain security checks when loading new content. (MFSA 2010-24)

IAVA Reference : 2011-A-0107 IAVB Reference : 2012-B-0038 STIG Finding Severity : Category I

Solution

Upgrade to Mozilla Thunderbird 3.0.4 or later.