This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.
The remote Mac OS X host contains an email client that is potentially
affected by several vulnerabilities.
The installed version of Thunderbird 9.x is potentially affected by
the following security issues :
- A use-after-free error exists related to removed
nsDOMAttribute child nodes.(CVE-2011-3659)
- Various memory safety issues exist. (CVE-2012-0442,
- Memory corruption errors exist related to the
decoding of Ogg Vorbis files and processing of
malformed XSLT stylesheets. (CVE-2012-0444,
- The HTML5 frame navigation policy can be violated by
allowing an attacker to replace a sub-frame in another
domain's document. (CVE-2012-0445)
- Scripts in frames are able to bypass security
restrictions in XPConnect. This bypass can allow
malicious websites to carry out cross-site scripting
- An information disclosure issue exists when
uninitialized memory is used as padding when encoding
icon images. (CVE-2012-0447)
See also :
Upgrade to Thunderbird 10.0 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true
Family: MacOS X Local Security Checks
Nessus Plugin ID: 57775 ()
Bugtraq ID: 51752517535175451755517565175751765
CVE ID: CVE-2011-3659CVE-2012-0442CVE-2012-0443CVE-2012-0444CVE-2012-0445CVE-2012-0446CVE-2012-0447CVE-2012-0449
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.