This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The remote Mac OS X host contains an email client that is potentially
affected by multiple vulnerabilities.
The installed version of Thunderbird 7.x is potentially affected by
the following security issues :
- Certain invalid sequences are not handled properly in
'Shift-JIS' encoding, which can allow cross-site
scripting attacks. (CVE-2011-3648)
the application to crash. It may be possible to trigger
this behavior even when the debugging APIs are not being
- Multiple memory safety issues exist. (CVE-2011-3651)
- An unchecked memory allocation failure can cause the
application to crash. (CVE-2011-3652)
- An issue with WebGL graphics and GPU drivers can allow
cross-origin image theft. (CVE-2011-3653)
- An error exists related to SVG 'mpath' linking to a
non-SVG element, which can result in potentially
exploitable application crashes. (CVE-2011-3654)
- An error in internal privilege checking can allow
web content to obtain elevated privileges.
See also :
Upgrade to Thunderbird 8.0 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true