This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.
The remote Mac OS X host contains an email client that is potentially
affected by multiple vulnerabilities.
The installed version of Thunderbird 7.x is potentially affected by
the following security issues :
- Certain invalid sequences are not handled properly in
'Shift-JIS' encoding, which can allow cross-site
scripting attacks. (CVE-2011-3648)
the application to crash. It may be possible to trigger
this behavior even when the debugging APIs are not being
- Multiple memory safety issues exist. (CVE-2011-3651)
- An unchecked memory allocation failure can cause the
application to crash. (CVE-2011-3652)
- An issue with WebGL graphics and GPU drivers can allow
cross-origin image theft. (CVE-2011-3653)
- An error exists related to SVG 'mpath' linking to a
non-SVG element, which can result in potentially
exploitable application crashes. (CVE-2011-3654)
- An error in internal privilege checking can allow
web content to obtain elevated privileges.
See also :
Upgrade to Thunderbird 8.0 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true
Family: MacOS X Local Security Checks
Nessus Plugin ID: 56758 ()
Bugtraq ID: 50592505935059450595505975060050602
CVE ID: CVE-2011-3648CVE-2011-3650CVE-2011-3651CVE-2011-3652CVE-2011-3653CVE-2011-3654CVE-2011-3655
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.