This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.
The remote Mac OS X host contains a mail client that is potentially
affected by several vulnerabilities.
The installed version of Thunderbird is earlier than 12.0 and is thus
potentially affected by the following security issues :
can lead to information disclosure. (CVE-2011-1187)
- An off-by-one error exists in the 'OpenType Sanitizer'
which can lead to out-of-bounds reads and possible code
- Memory safety issues exist that could lead
to arbitrary code execution. (CVE-2012-0467,
- A use-after-free error exists related to 'IDBKeyRange'
of 'indexedDB'. (CVE-2012-0469)
- Heap-corruption errors exist related to
'gfxImageSurface' which can lead to possible code
- A multi-octet encoding issue exists which could allow
cross-site scripting attacks as certain octets in
multibyte character sets can destroy following octets.
- An error exists in 'WebGLBuffer' that can lead to the
reading of illegal video memory. (CVE-2012-0473)
- An unspecified error can allow URL bar spoofing.
- IPv6 addresses and cross-site 'XHR' or 'WebSocket'
connections on non-standard ports can allow this
application to send ambiguous origin headers.
- A decoding issue exists related to 'ISO-2022-KR' and
'ISO-2022-CN' character sets which could lead to cross-
site scripting attacks. (CVE-2012-0477)
- An error exists related to 'WebGL' and 'texImage2D'
that can allow application crashes and possibly code
execution when 'JSVAL_TO_OBJECT' is used on ordinary
- Address bar spoofing is possible when 'Atom XML' or
'RSS' data is loaded over HTTPS leading to phishing
See also :
Upgrade to Thunderbird 12.0 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true
Family: MacOS X Local Security Checks
Nessus Plugin ID: 58896
Bugtraq ID: 53219, 53220, 53221, 53222, 53223, 53224, 53225, 53227, 53228, 53229, 53230, 53231
CVE ID: CVE-2011-1187, CVE-2011-3062, CVE-2012-0467, CVE-2012-0468, CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0473, CVE-2012-0474, CVE-2012-0475, CVE-2012-0477, CVE-2012-0478, CVE-2012-0479