This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote Windows host contains a mail client that is potentially
affected by multiple vulnerabilities.
The installed version of Thunderbird is earlier than 24.3 and is,
therefore, potentially affected by the following vulnerabilities:
- Memory issues exist in the browser engine that could
result in a denial of service or arbitrary code
- An error exists related to System Only Wrappers (SOW)
and the XML Binding Language (XBL) that could allow
XUL content to be disclosed. (CVE-2014-1479)
'window' object handling that has unspecified impact.
- An error exists related to 'RasterImage' and image
decoding that could allow application crashes and
possibly arbitrary code execution. (CVE-2014-1482)
- A use-after-free error exists related to image handling
and 'imgRequestProxy' that could allow application
crashes and possibly arbitrary code execution.
- An error exists related to 'web workers' that could
allow cross-origin information disclosure.
- Network Security Services (NSS) contains a race
condition in libssl that occurs during session ticket
processing. A remote attacker can exploit this flaw
to cause a denial of service. (CVE-2014-1490)
- Network Security Services (NSS) does not properly
restrict public values in Diffie-Hellman key exchanges,
allowing a remote attacker to bypass cryptographic
protection mechanisms. (CVE-2014-1491)
Upgrade to Thunderbird 24.3 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false
Nessus Plugin ID: 72332
Bugtraq ID: 65317, 65320, 65326, 65328, 65330, 65332, 65334, 65335
CVE ID: CVE-2014-1477, CVE-2014-1479, CVE-2014-1481, CVE-2014-1482, CVE-2014-1486, CVE-2014-1487, CVE-2014-1490, CVE-2014-1491