How to Buy
This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.
The remote Mac OS X host contains a mail client that is potentially
affected by several vulnerabilities.
The installed version of Thunderbird 10.0.x is potentially affected
by the following security issues :
- An off-by-one error exists in the 'OpenType Sanitizer'
which can lead to out-bounds-reads and possible code
- Memory safety issues exist that could lead
to arbitrary code execution. (CVE-2012-0467)
- A use-after-free error exists related to 'IDBKeyRange'
of 'indexedDB'. (CVE-2012-0469)
- Heap-corruption errors exist related to
'gfxImageSurface' which can lead to possible code
- A multi-octet encoding issue exists which can allow
cross-site scripting attacks as certain octets in
multibyte character sets can destroy following octets.
- An error exists in 'WebGLBuffer' that can lead to the
reading of illegal video memory. (CVE-2012-0473)
- An unspecified error can allow URL bar spoofing.
- A decoding issue exists related to 'ISO-2022-KR' and
'ISO-2022-CN' character sets which can lead to cross-
site scripting attacks. (CVE-2012-0477)
- An error exists related to 'WebGL' and 'texImage2D'
that can allow application crashes and possibly code
execution when 'JSVAL_TO_OBJECT' is used on ordinary
- Address bar spoofing is possible when 'Atom XML' or
'RSS' data is loaded over HTTPS leading to phishing
See also :
Upgrade to Thunderbird 10.0.4 ESR or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true
Family: MacOS X Local Security Checks
Nessus Plugin ID: 58895 ()
Bugtraq ID: 53219532205322253223532245322553227532285322953231
CVE ID: CVE-2011-3062CVE-2012-0467CVE-2012-0469CVE-2012-0470CVE-2012-0471CVE-2012-0473CVE-2012-0474CVE-2012-0477CVE-2012-0478CVE-2012-0479
Get Nessus Professional to scan unlimited IPs, run compliance checks & more
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.