Ubuntu Security Notice (C) 2012-2014 Canonical, Inc. / NASL script (C) 2012-2014 Tenable Network Security, Inc.
The remote Ubuntu host is missing a security-related patch.
Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian
Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse
Ruderman, Marcia Knous, and Rober Longson discovered several memory
safety issues which could possibly be exploited to crash Thunderbird
or execute arbitrary code as the user that invoked Thunderbird.
Aki Helin discovered a crash in the YARR regular expression library
It was discovered that a flaw in the Mozilla SVG implementation could
result in an out-of-bounds memory access if SVG elements were removed
during a DOMAttrModified event handler. An attacker could potentially
exploit this vulnerability to crash Thunderbird. (CVE-2011-3658)
Mario Heiderich discovered it was possible to use SVG animation
disabled. A malicious web page could potentially exploit this to trick
a user into interacting with a prompt thinking it came from
Thunderbird in a context where the user believed scripting was
It was discovered that it was possible to crash Thunderbird when
scaling an OGG <video> element to extreme sizes. (CVE-2011-3665).
Update the affected thunderbird package.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : true