This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.
The remote Mac OS X host contains a mail client that is potentially
affected by several vulnerabilities.
The installed version of Thunderbird 10.0.x is potentially affected
by the following security issues :
- Multiple memory corruption issues. By tricking a user
into visiting a specially crafted page, these issues may
allow an attacker to execute arbitrary code in the
context of the affected application. (CVE-2012-0454,
CVE-2012-0457, CVE-2012-0459, CVE-2012-0461,
CVE-2012-0462, CVE-2012-0463, CVE-2012-0464)
- An HTTP Header security bypass vulnerability exists that
can be leveraged by attackers to bypass certain security
restrictions and conduct cross-site scripting attacks.
- A security bypass vulnerability exists that can be
exploited by an attacker if the victim can be tricked
into setting a new home page by dragging a specially
crafted link to the 'home' button URL, which will set
- An information disclosure vulnerability exists due to an
out-of-bounds read in SVG filters. (CVE-2012-0456)
- A cross-site scripting vulnerability exists that can be
onto a frame. (CVE-2012-0455)
- 'window.fullScreen' is writeable by untrusted content,
allowing attackers to perform UI spoofing attacks.
See also :
Upgrade to Thunderbird 10.0.3 ESR or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false
Family: MacOS X Local Security Checks
Nessus Plugin ID: 58355
Bugtraq ID: 52455, 52456, 52457, 52458, 52459, 52460, 52461, 52463, 52464, 52465, 52466, 52467
CVE ID: CVE-2012-0451, CVE-2012-0454, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464