This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.
The remote Mac OS X host contains a mail client that is potentially
affected by several vulnerabilities.
The installed version of Thunderbird is earlier than 13.0 and is thus
potentially affected by the following security issues :
- An error exists in the ASN.1 decoder when handling zero
length items that can lead to application crashes.
- Multiple memory corruption errors exist. (CVE-2012-1937,
- Two heap-based buffer overflows and one heap-based
use-after-free error exist and are potentially exploitable.
(CVE-2012-1940, CVE-2012-1941, CVE-2012-1947)
- The inline-script blocking feature of the 'Content
Security Policy' (CSP) does not properly block inline
event handlers. This error allows remote attackers to
more easily carry out cross-site scripting attacks.
- A use-after-free error exists related to replacing or
inserting a node into a web document. (CVE-2012-1946)
- An error exists related to the certificate warning page
that can allow 'clickjacking' thereby tricking a user
into accepting unintended certificates. (CVE-2012-1964)
Upgrade to Thunderbird 13.0 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false
Family: MacOS X Local Security Checks
Nessus Plugin ID: 59405
Bugtraq ID: 53791, 53792, 53793, 53794, 53796, 53798, 53800, 53801, 54581
CVE ID: CVE-2012-0441, CVE-2012-1937, CVE-2012-1938, CVE-2012-1940, CVE-2012-1941, CVE-2012-1944, CVE-2012-1946, CVE-2012-1947, CVE-2012-1964